From 4e16ee6d78ba4a2d456a2d5bf48365a808b1acf2 Mon Sep 17 00:00:00 2001 
From: Greg Szabo Date: Wed, 31 May 2017 19:58:55 -0400 Subject: [PATCH] Refactored Ansible, added tendermint and basecoin configuration and multiple playbooks --- ansible/README.md | 98 +- ansible/config.yml | 7 + ansible/group_vars/all | 45 + ansible/install.yml | 10 +- ansible/inventory/ec2.ini | 209 +++ ansible/inventory/ec2.py | 1595 +++++++++++++++++ ansible/reinit.yml | 8 + ansible/reset.yml | 9 + ansible/restart.yml | 7 + ansible/roles/basecoin/tasks/start.yml | 26 - ansible/roles/cleanupconfig/defaults/main.yml | 6 + .../roles/cleanupconfig/tasks/basecoin.yml | 5 + ansible/roles/cleanupconfig/tasks/main.yml | 9 + .../roles/cleanupconfig/tasks/tendermint.yml | 5 + ansible/roles/config/defaults/main.yml | 12 + ansible/roles/config/tasks/basecoin.yml | 43 + ansible/roles/config/tasks/main.yml | 9 + ansible/roles/config/tasks/tendermint.yml | 38 + ansible/roles/config/templates/config.toml.j2 | 16 + .../config/templates/genesis-basecoin.json.j2 | 32 + .../templates/genesis-tendermint.json.j2 | 32 + .../ansible.cfg | 0 .../defaults/main.yml | 9 +- ansible/roles/install-basecoin/files/key.json | 11 + .../roles/install-basecoin/files/key2.json | 11 + .../handlers/main.yml | 0 .../tasks/install.yml | 27 +- .../tasks/main.yml | 2 +- .../templates/basecoin.conf.j2 | 2 +- .../templates/basecoin.systemd.j2 | 8 +- .../vars/Debian.yml | 0 .../vars/RedHat.yml | 0 .../defaults/main.yml | 7 +- .../handlers/main.yml | 0 .../tasks/install.yml | 17 +- .../tasks/main.yml | 3 +- .../templates/tendermint.conf.j2 | 2 +- .../templates/tendermint.systemd.j2 | 4 +- .../vars/Debian.yml | 0 .../vars/RedHat.yml | 0 ansible/roles/start/defaults/main.yml | 3 + ansible/roles/start/tasks/main.yml | 9 + ansible/roles/stop/defaults/main.yml | 3 + ansible/roles/stop/tasks/main.yml | 9 + ansible/roles/tendermint/tasks/genesis.yml | 19 - ansible/roles/tendermint/tasks/start.yml | 26 - .../tendermint/templates/genesis.json.j2 | 16 - ansible/start.yml | 7 + ansible/stop.yml | 7 + 
create-digitalocean-testnet.sh | 39 +- terraforce/scripts/copy_run.sh | 10 - terraforce/scripts/init.sh | 43 - terraforce/scripts/query.sh | 11 - terraforce/scripts/reset.sh | 10 - terraforce/scripts/restart.sh | 9 - terraforce/scripts/start.sh | 10 - terraforce/scripts/stop.sh | 9 - terraform-aws/README.md | 4 + .../README.md | 0 .../cluster/main.tf | 0 .../cluster/outputs.tf | 0 .../cluster/variables.tf | 0 .../main.tf | 2 +- {terraforce/transact => transact}/transact.go | 0 64 files changed, 2302 insertions(+), 268 deletions(-) create mode 100644 ansible/config.yml create mode 100644 ansible/group_vars/all create mode 100644 ansible/inventory/ec2.ini create mode 100644 ansible/inventory/ec2.py create mode 100644 ansible/reinit.yml create mode 100644 ansible/reset.yml create mode 100644 ansible/restart.yml delete mode 100644 ansible/roles/basecoin/tasks/start.yml create mode 100644 ansible/roles/cleanupconfig/defaults/main.yml create mode 100644 ansible/roles/cleanupconfig/tasks/basecoin.yml create mode 100644 ansible/roles/cleanupconfig/tasks/main.yml create mode 100644 ansible/roles/cleanupconfig/tasks/tendermint.yml create mode 100644 ansible/roles/config/defaults/main.yml create mode 100644 ansible/roles/config/tasks/basecoin.yml create mode 100644 ansible/roles/config/tasks/main.yml create mode 100644 ansible/roles/config/tasks/tendermint.yml create mode 100644 ansible/roles/config/templates/config.toml.j2 create mode 100644 ansible/roles/config/templates/genesis-basecoin.json.j2 create mode 100644 ansible/roles/config/templates/genesis-tendermint.json.j2 rename ansible/roles/{basecoin => install-basecoin}/ansible.cfg (100%) rename ansible/roles/{basecoin => install-basecoin}/defaults/main.yml (74%) create mode 100644 ansible/roles/install-basecoin/files/key.json create mode 100644 ansible/roles/install-basecoin/files/key2.json rename ansible/roles/{basecoin => install-basecoin}/handlers/main.yml (100%) rename ansible/roles/{basecoin => 
install-basecoin}/tasks/install.yml (81%) rename ansible/roles/{basecoin => install-basecoin}/tasks/main.yml (91%) rename ansible/roles/{basecoin => install-basecoin}/templates/basecoin.conf.j2 (58%) rename ansible/roles/{basecoin => install-basecoin}/templates/basecoin.systemd.j2 (53%) rename ansible/roles/{basecoin => install-basecoin}/vars/Debian.yml (100%) rename ansible/roles/{basecoin => install-basecoin}/vars/RedHat.yml (100%) rename ansible/roles/{tendermint => install-tendermint}/defaults/main.yml (74%) rename ansible/roles/{tendermint => install-tendermint}/handlers/main.yml (100%) rename ansible/roles/{tendermint => install-tendermint}/tasks/install.yml (85%) rename ansible/roles/{tendermint => install-tendermint}/tasks/main.yml (83%) rename ansible/roles/{tendermint => install-tendermint}/templates/tendermint.conf.j2 (62%) rename ansible/roles/{tendermint => install-tendermint}/templates/tendermint.systemd.j2 (71%) rename ansible/roles/{tendermint => install-tendermint}/vars/Debian.yml (100%) rename ansible/roles/{tendermint => install-tendermint}/vars/RedHat.yml (100%) create mode 100644 ansible/roles/start/defaults/main.yml create mode 100644 ansible/roles/start/tasks/main.yml create mode 100644 ansible/roles/stop/defaults/main.yml create mode 100644 ansible/roles/stop/tasks/main.yml delete mode 100644 ansible/roles/tendermint/tasks/genesis.yml delete mode 100644 ansible/roles/tendermint/tasks/start.yml delete mode 100644 ansible/roles/tendermint/templates/genesis.json.j2 create mode 100644 ansible/start.yml create mode 100644 ansible/stop.yml delete mode 100644 terraforce/scripts/copy_run.sh delete mode 100644 terraforce/scripts/init.sh delete mode 100644 terraforce/scripts/query.sh delete mode 100644 terraforce/scripts/reset.sh delete mode 100644 terraforce/scripts/restart.sh delete mode 100644 terraforce/scripts/start.sh delete mode 100644 terraforce/scripts/stop.sh create mode 100644 terraform-aws/README.md rename {terraforce => 
terraform-digitalocean}/README.md (100%) rename {terraforce => terraform-digitalocean}/cluster/main.tf (100%) rename {terraforce => terraform-digitalocean}/cluster/outputs.tf (100%) rename {terraforce => terraform-digitalocean}/cluster/variables.tf (100%) rename {terraforce => terraform-digitalocean}/main.tf (96%) rename {terraforce/transact => transact}/transact.go (100%) diff --git a/ansible/README.md b/ansible/README.md index 2ef5a7a91..0ce68cad6 100644 --- a/ansible/README.md +++ b/ansible/README.md @@ -1,4 +1,4 @@ -# Ansible playbook for Tendermint on DigitalOcean +# Ansible playbook for Tendermint ![Ansible plus Tendermint](img/a_plus_t.png) 
@@ -7,42 +7,39 @@ * [Running the playbook](#Running the playbook) * [Example playbook that configures a Tendermint on Ubuntu](#example-playbook-that-configures-a-tendermint-on-ubuntu) -The playbook in this folder contains [ansible](http://www.ansible.com/) roles which: +The playbooks in this folder run [ansible](http://www.ansible.com/) roles which: -* installs tendermint -* configures tendermint -* configures tendermint service -* installs basecoin -* configures basecoin +* install and configure tendermint +* install and configure basecoin +* start/stop tendermint and basecoin ## Prerequisites * Ansible 2.0 or higher -* DigitalOcean API Token * SSH key to the servers + +Optional for DigitalOcean droplets: +* DigitalOcean API Token * python dopy package Head over to the [Terraform folder](https://github.com/tendermint/tools) for a description on how to get a DigitalOcean API Token. -The DigitalOcean inventory script comes from the ansible team at https://github.com/ansible/ansible. You can get the latest version from the contrib/inventory folder. +Optional for Amazon AWS instances: +* Amazon AWS API access key ID and secret access key. + +The cloud inventory scripts come from the ansible team at https://github.com/ansible/ansible. You can get the latest version from the contrib/inventory folder. ## Ansible setup -Ansible requires a "command machine" or "local machine" or "orchestrator machine" to run on. This can be your laptop or any machine that runs linux. (It does not have to be part of the DigitalOcean network.) +Ansible requires a "command machine" or "local machine" or "orchestrator machine" to run on. This can be your laptop or any machine that runs linux. (It does not have to be part of the cloud network that hosts your servers.) -Example on RedHat/CentOS: -``` -sudo yum install ansible python-pip -sudo pip install dopy -``` +Note: The below commands use the Ubuntu/Debian `apt-get` command. To make it compatible with RedHat/CentOS, replace it with `yum`. 
-Example on Ubuntu/Debian: ``` -sudo apt-get install ansible python-pip -sudo pip install dopy +sudo apt-get install ansible ``` -To make life easier, you can start an SSH Agent and load your SSH key(s) into it. This way ansible will have an uninterrupted way of connecting to the droplets. +To make life easier, you can start an SSH Agent and load your SSH key(s). This way ansible will have an uninterrupted way of connecting to tour servers. ``` ssh-agent > ~/.ssh/ssh.env @@ -53,6 +50,21 @@ ssh-add private.key Subsequently, as long as the agent is running, you can use `source ~/.ssh/ssh.env` to load the keys to the current session. +### Optional cloud dependencies + +If you are using a cloud provider to host your servers, you need the below dependencies installed on your local machine. + +DigitalOcean inventory dependencies: +``` +sudo apt-get install python-pip +sudo pip install dopy +``` + +Amazon AWS inventory dependencies: +``` +sudo apt-get install python-boto +``` + ## Refreshing the DigitalOcean inventory If you just finished creating droplets, the local DigitalOcean inventory cache is not up-to-date. To refresh it, run: 
@@ -62,23 +74,61 @@ DO_API_TOKEN="" python -u inventory/digital_ocean.py --refresh-cache 1> /dev/null ``` +## Refreshing the Amazon AWS inventory + +If you just finished creating Amazon AWS EC2 instances, the local AWS inventory cache is not up-to-date. To refresh it, run: + +``` +AWS_ACCESS_KEY_ID='' +AWS_SECRET_ACCESS_KEY='' +python -u inventory/ec2.py --refresh-cache 1> /dev/null +``` + +Note you don't need the access key and secret key set, if you are running ansible on an Amazon AMI instance with the proper IAM permissions set. + ## Running the playbook -The playbook is locked down to only run if the environment variable `TF_VAR_TESTNET_NAME` is populated. This is a precaution so you don't accidentally run the playbook on all your DigitalOcean droplets. +The playbook is locked down to only run if the environment variable `TF_VAR_TESTNET_NAME` is populated. This is a precaution so you don't accidentally run the playbook on all your servers. -The variable `TF_VAR_TESTNET_NAME` contains the testnet name defined when the droplets were created using Terraform. +The variable `TF_VAR_TESTNET_NAME` contains the testnet name which ansible translates into an ansible group. If you used Terraform to create the servers, it was the testnet name used there. + +If the playbook cannot connect to the servers because of public key denial, your SSH Agent is not set up properly. Alternatively you can add the SSH key to ansible using the `--private-key` option. +### DigitalOcean ``` +DO_API_TOKEN="" TF_VAR_TESTNET_NAME="testnet-servers" ansible-playbook -i inventory/digital_ocean.py install.yml ``` -If the playbook cannot connect to the servers because of public key denial, your SSH Agent is not set up properly. Alternatively you can add the SSH key to ansible using the `--private-key` option. 
+### Amazon AWS +``` +AWS_ACCESS_KEY_ID='' +AWS_SECRET_ACCESS_KEY='' +TF_VAR_TESTNET_NAME="testnet-servers" +ansible-playbook -i inventory/ec2.py install.yml +``` -## Starting the cluster +### Installing custom versions + +By default ansible installs the tendermint and basecoin binary versions defined in its [default variables](#Default variables). If you built your own version of the binaries, you can tell ansible to install that instead. + +``` +GOPATH="" +go get -u github.com/tendermint/tendermint/cmd/tendermint +go get -u github.com/tendermint/basecoin/cmd/basecoin + +DO_API_TOKEN="" +TF_VAR_TESTNET_NAME="testnet-servers" +ansible-playbook -i inventory/digital_ocean.py install.yml -e tendermint_release_install=false -e basecoin_release_install=false +``` + +## Starting the servers To be continued... -## Role details +## Default variables + To be continued... + diff --git a/ansible/config.yml b/ansible/config.yml new file mode 100644 index 000000000..53376c91f --- /dev/null +++ b/ansible/config.yml @@ -0,0 +1,7 @@ +--- + +- hosts: "{{ lookup('env','TF_VAR_TESTNET_NAME') }}" + user: root + roles: + - { role: config, testnet_name: "{{ lookup('env','TF_VAR_TESTNET_NAME') }}" } + diff --git a/ansible/group_vars/all b/ansible/group_vars/all new file mode 100644 index 000000000..6fdc88ed7 --- /dev/null +++ b/ansible/group_vars/all 
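Review bot: The new play in config.yml logs in as `user: root` and takes its host pattern straight from `TF_VAR_TESTNET_NAME`, so every node has to accept root SSH logins, and an unset variable yields an empty pattern whose handling (skip versus error) depends on the Ansible version rather than on a deliberate check. The commented defaults in group_vars/all suggest the services already run as dedicated `tendermint`/`basecoin` accounts, so the play itself does not need a root login; an unprivileged admin account with escalation, `remote_user: admin` plus `become: yes`, gives the same result with a smaller blast radius, and `remote_user` is also the current spelling of the older `user` keyword. A one-line guard before the roles, `- fail: msg="TF_VAR_TESTNET_NAME is not set" when: testnet_name == ''`, would turn the accidental lock-down into an explicit one.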
@@ -0,0 +1,45 @@
+---
+#tendermint_release_install: true
+#tendermint_version: 0.10.0-rc1
+#tendermint_download: "https://s3-us-west-2.amazonaws.com/tendermint/binaries/tendermint/v{{tendermint_version}}/tendermint_{{tendermint_version}}_linux_amd64.zip"
+
+##If tendermint_release_install == false, copy the binary from here
+#tendermint_binary: "{{ lookup('env','GOPATH') | default('') }}/bin/tendermint"
+
+#tendermint_user: tendermint
+#tendermint_group: tendermint
+
+## Upstart start/stop conditions can vary by distribution and environment
+#tendermint_upstart_start_on: start on runlevel [345]
+#tendermint_upstart_stop_on: stop on runlevel [!345]
+
+#tendermint_home: /var/lib/tendermint
+#tendermint_log_file: /var/log/tendermint.log
+
+#basecoin_release_install: true
+#basecoin_version: 0.4.0
+#basecoin_download: "https://s3-us-west-2.amazonaws.com/tendermint/binaries/basecoin/v{{basecoin_version}}/basecoin_{{basecoin_version}}_linux_amd64.zip"
+
+##If basecoin_release_install == false, copy the binary from here
+#basecoin_binary: "{{ lookup('env','GOPATH') | default('') }}/bin/basecoin"
+
+#basecoin_user: basecoin
+#basecoin_group: basecoin
+
+## Upstart start/stop conditions can vary by distribution and environment
+#basecoin_upstart_start_on: start on runlevel [345]
+#basecoin_upstart_stop_on: stop on runlevel [!345]
+
+#basecoin_home: /var/lib/basecoin
+#basecoin_log_file: /var/log/basecoin.log
+
+#basecoin_inprocess: false
+
+#Used by the config role
+#testnet_name: test-chain
+
+
+basecoin_inprocess: false
+tendermint_release_install: false
+basecoin_release_install: false
+
diff --git a/ansible/install.yml b/ansible/install.yml
index ccd823304..bc5d15a79 100644
--- a/ansible/install.yml
+++ b/ansible/install.yml
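Review bot: The three uncommented lines at the bottom of group_vars/all flip `tendermint_release_install` and `basecoin_release_install` to `false` for every host, which makes the locally built `$GOPATH/bin` binary the default install source and contradicts the README in this same commit, which says the release versions are installed unless `-e *_release_install=false` is passed. With GOPATH unset, the commented `tendermint_binary` expression resolves to `/bin/tendermint`, because `lookup('env', ...)` returns an empty string that `default('')` does not replace, so the failure mode is a confusing copy error or, worse, an unrelated binary being shipped, assuming the role default matches the commented line here. Keeping only `basecoin_inprocess: false` active, so the release download stays the default and the local binary is opted into with `-e` as documented, would be safer. The release path should also verify what it fetches: if the install task uses `get_url`, give it a `checksum: sha256:...` next to `tendermint_download`/`basecoin_download`; those tasks are not in this hunk, so I cannot tell whether one is already set.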
@@ -1,9 +1,11 @@ --- - hosts: "{{ lookup('env','TF_VAR_TESTNET_NAME') }}" - vars: - testnet_name: "{{ lookup('env','TF_VAR_TESTNET_NAME') }}" user: root roles: - - tendermint - - basecoin + - install-tendermint + - install-basecoin + - cleanupconfig + - { role: config, testnet_name: "{{ lookup('env','TF_VAR_TESTNET_NAME') }}" } + - start + diff --git a/ansible/inventory/ec2.ini b/ansible/inventory/ec2.ini new file mode 100644 index 000000000..e11a69cc1 --- /dev/null +++ b/ansible/inventory/ec2.ini 
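Review bot: A plain re-run of install.yml now passes through `cleanupconfig` every time, because the role list calls it unconditionally between the install roles and `config`; the cleanupconfig tasks are outside this chunk, but if the role does what its name suggests, re-installing (for example to push a rebuilt binary, as the README describes) would wipe and regenerate node configuration and keys under the guise of "install". Since this commit also adds `reinit.yml` and `reset.yml` (per the diffstat), the cleanup/config steps belong there, or at least behind a flag: `- { role: cleanupconfig, when: reinit_config | default(false) }`. Separately, the diffstat shows `roles/install-basecoin/files/key.json` and `key2.json` being committed alongside the role this play invokes; if those are real account keys rather than throwaway fixtures, every node built from this role shares them and they now live in git history, so they should be generated per deployment or clearly marked test-only.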
@@ -0,0 +1,209 @@ +# Ansible EC2 external inventory script settings +# + +[ec2] + +# to talk to a private eucalyptus instance uncomment these lines +# and edit edit eucalyptus_host to be the host name of your cloud controller +#eucalyptus = True +#eucalyptus_host = clc.cloud.domain.org + +# AWS regions to make calls to. Set this to 'all' to make request to all regions +# in AWS and merge the results together. Alternatively, set this to a comma +# separated list of regions. E.g. 'us-east-1,us-west-1,us-west-2' and do not +# provide the 'regions_exclude' option. If this is set to 'auto', AWS_REGION or +# AWS_DEFAULT_REGION environment variable will be read to determine the region. +regions = all +regions_exclude = us-gov-west-1, cn-north-1 + +# When generating inventory, Ansible needs to know how to address a server. +# Each EC2 instance has a lot of variables associated with it. Here is the list: +# http://docs.pythonboto.org/en/latest/ref/ec2.html#module-boto.ec2.instance +# Below are 2 variables that are used as the address of a server: +# - destination_variable +# - vpc_destination_variable + +# This is the normal destination variable to use. If you are running Ansible +# from outside EC2, then 'public_dns_name' makes the most sense. If you are +# running Ansible from within EC2, then perhaps you want to use the internal +# address, and should set this to 'private_dns_name'. The key of an EC2 tag +# may optionally be used; however the boto instance variables hold precedence +# in the event of a collision. +destination_variable = public_dns_name + +# This allows you to override the inventory_name with an ec2 variable, instead +# of using the destination_variable above. Addressing (aka ansible_ssh_host) +# will still use destination_variable. Tags should be written as 'tag_TAGNAME'. +#hostname_variable = tag_Name + +# For server inside a VPC, using DNS names may not make sense. When an instance +# has 'subnet_id' set, this variable is used. 
If the subnet is public, setting +# this to 'ip_address' will return the public IP address. For instances in a +# private subnet, this should be set to 'private_ip_address', and Ansible must +# be run from within EC2. The key of an EC2 tag may optionally be used; however +# the boto instance variables hold precedence in the event of a collision. +# WARNING: - instances that are in the private vpc, _without_ public ip address +# will not be listed in the inventory until You set: +# vpc_destination_variable = private_ip_address +vpc_destination_variable = ip_address + +# The following two settings allow flexible ansible host naming based on a +# python format string and a comma-separated list of ec2 tags. Note that: +# +# 1) If the tags referenced are not present for some instances, empty strings +# will be substituted in the format string. +# 2) This overrides both destination_variable and vpc_destination_variable. +# +#destination_format = {0}.{1}.example.com +#destination_format_tags = Name,environment + +# To tag instances on EC2 with the resource records that point to them from +# Route53, set 'route53' to True. +route53 = False + +# To use Route53 records as the inventory hostnames, uncomment and set +# to equal the domain name you wish to use. You must also have 'route53' (above) +# set to True. +# route53_hostnames = .example.com + +# To exclude RDS instances from the inventory, uncomment and set to False. +#rds = False + +# To exclude ElastiCache instances from the inventory, uncomment and set to False. +#elasticache = False + +# Additionally, you can specify the list of zones to exclude looking up in +# 'route53_excluded_zones' as a comma-separated list. +# route53_excluded_zones = samplezone1.com, samplezone2.com + +# By default, only EC2 instances in the 'running' state are returned. Set +# 'all_instances' to True to return all instances regardless of state. +all_instances = False + +# By default, only EC2 instances in the 'running' state are returned. 
Specify +# EC2 instance states to return as a comma-separated list. This +# option is overridden when 'all_instances' is True. +# instance_states = pending, running, shutting-down, terminated, stopping, stopped + +# By default, only RDS instances in the 'available' state are returned. Set +# 'all_rds_instances' to True return all RDS instances regardless of state. +all_rds_instances = False + +# Include RDS cluster information (Aurora etc.) +include_rds_clusters = False + +# By default, only ElastiCache clusters and nodes in the 'available' state +# are returned. Set 'all_elasticache_clusters' and/or 'all_elastic_nodes' +# to True return all ElastiCache clusters and nodes, regardless of state. +# +# Note that all_elasticache_nodes only applies to listed clusters. That means +# if you set all_elastic_clusters to false, no node will be return from +# unavailable clusters, regardless of the state and to what you set for +# all_elasticache_nodes. +all_elasticache_replication_groups = False +all_elasticache_clusters = False +all_elasticache_nodes = False + +# API calls to EC2 are slow. For this reason, we cache the results of an API +# call. Set this to the path you want cache files to be written to. Two files +# will be written to this directory: +# - ansible-ec2.cache +# - ansible-ec2.index +cache_path = ~/.ansible/tmp + +# The number of seconds a cache file is considered valid. After this many +# seconds, a new API call will be made, and the cache file will be updated. +# To disable the cache, set this value to 0 +cache_max_age = 300 + +# Organize groups into a nested/hierarchy instead of a flat namespace. +nested_groups = False + +# Replace - tags when creating groups to avoid issues with ansible +replace_dash_in_groups = True + +# If set to true, any tag of the form "a,b,c" is expanded into a list +# and the results are used to create additional tag_* inventory groups. +expand_csv_tags = False + +# The EC2 inventory output can become very large. 
To manage its size, +# configure which groups should be created. +group_by_instance_id = True +group_by_region = True +group_by_availability_zone = True +group_by_aws_account = False +group_by_ami_id = True +group_by_instance_type = True +group_by_instance_state = False +group_by_key_pair = True +group_by_vpc_id = True +group_by_security_group = True +group_by_tag_keys = True +group_by_tag_none = True +group_by_route53_names = True +group_by_rds_engine = True +group_by_rds_parameter_group = True +group_by_elasticache_engine = True +group_by_elasticache_cluster = True +group_by_elasticache_parameter_group = True +group_by_elasticache_replication_group = True + +# If you only want to include hosts that match a certain regular expression +# pattern_include = staging-* + +# If you want to exclude any hosts that match a certain regular expression +# pattern_exclude = staging-* + +# Instance filters can be used to control which instances are retrieved for +# inventory. For the full list of possible filters, please read the EC2 API +# docs: http://docs.aws.amazon.com/AWSEC2/latest/APIReference/ApiReference-query-DescribeInstances.html#query-DescribeInstances-filters +# Filters are key/value pairs separated by '=', to list multiple filters use +# a list separated by commas. See examples below. + +# If you want to apply multiple filters simultaneously, set stack_filters to +# True. Default behaviour is to combine the results of all filters. Stacking +# allows the use of multiple conditions to filter down, for example by +# environment and type of host. 
+stack_filters = False + +# Retrieve only instances with (key=value) env=staging tag +# instance_filters = tag:env=staging + +# Retrieve only instances with role=webservers OR role=dbservers tag +# instance_filters = tag:role=webservers,tag:role=dbservers + +# Retrieve only t1.micro instances OR instances with tag env=staging +# instance_filters = instance-type=t1.micro,tag:env=staging + +# You can use wildcards in filter values also. Below will list instances which +# tag Name value matches webservers1* +# (ex. webservers15, webservers1a, webservers123 etc) +# instance_filters = tag:Name=webservers1* + +# An IAM role can be assumed, so all requests are run as that role. +# This can be useful for connecting across different accounts, or to limit user +# access +# iam_role = role-arn + +# A boto configuration profile may be used to separate out credentials +# see http://boto.readthedocs.org/en/latest/boto_config_tut.html +# boto_profile = some-boto-profile-name + + +[credentials] + +# The AWS credentials can optionally be specified here. Credentials specified +# here are ignored if the environment variable AWS_ACCESS_KEY_ID or +# AWS_PROFILE is set, or if the boto_profile property above is set. +# +# Supplying AWS credentials here is not recommended, as it introduces +# non-trivial security concerns. When going down this route, please make sure +# to set access permissions for this file correctly, e.g. handle it the same +# way as you would a private SSH key. +# +# Unlike the boto and AWS configure files, this section does not support +# profiles. +# +# aws_access_key_id = AXXXXXXXXXXXXXX +# aws_secret_access_key = XXXXXXXXXXXXXXXXXXX +# aws_security_token = XXXXXXXXXXXXXXXXXXXXXXXXXXXX diff --git a/ansible/inventory/ec2.py b/ansible/inventory/ec2.py new file mode 100644 index 000000000..9614c5fe9 --- /dev/null +++ b/ansible/inventory/ec2.py 
@@ -0,0 +1,1595 @@ +#!/usr/bin/env python + +''' +EC2 external inventory script +================================= + +Generates inventory that Ansible can understand by making API request to +AWS EC2 using the Boto library. + +NOTE: This script assumes Ansible is being executed where the environment +variables needed for Boto have already been set: + export AWS_ACCESS_KEY_ID='AK123' + export AWS_SECRET_ACCESS_KEY='abc123' + +optional region environement variable if region is 'auto' + +This script also assumes there is an ec2.ini file alongside it. To specify a +different path to ec2.ini, define the EC2_INI_PATH environment variable: + + export EC2_INI_PATH=/path/to/my_ec2.ini + +If you're using eucalyptus you need to set the above variables and +you need to define: + + export EC2_URL=http://hostname_of_your_cc:port/services/Eucalyptus + +If you're using boto profiles (requires boto>=2.24.0) you can choose a profile +using the --boto-profile command line argument (e.g. ec2.py --boto-profile prod) or using +the AWS_PROFILE variable: + + AWS_PROFILE=prod ansible-playbook -i ec2.py myplaybook.yml + +For more details, see: http://docs.pythonboto.org/en/latest/boto_config_tut.html + +When run against a specific host, this script returns the following variables: + - ec2_ami_launch_index + - ec2_architecture + - ec2_association + - ec2_attachTime + - ec2_attachment + - ec2_attachmentId + - ec2_block_devices + - ec2_client_token + - ec2_deleteOnTermination + - ec2_description + - ec2_deviceIndex + - ec2_dns_name + - ec2_eventsSet + - ec2_group_name + - ec2_hypervisor + - ec2_id + - ec2_image_id + - ec2_instanceState + - ec2_instance_type + - ec2_ipOwnerId + - ec2_ip_address + - ec2_item + - ec2_kernel + - ec2_key_name + - ec2_launch_time + - ec2_monitored + - ec2_monitoring + - ec2_networkInterfaceId + - ec2_ownerId + - ec2_persistent + - ec2_placement + - ec2_platform + - ec2_previous_state + - ec2_private_dns_name + - ec2_private_ip_address + - ec2_publicIp + - 
ec2_public_dns_name + - ec2_ramdisk + - ec2_reason + - ec2_region + - ec2_requester_id + - ec2_root_device_name + - ec2_root_device_type + - ec2_security_group_ids + - ec2_security_group_names + - ec2_shutdown_state + - ec2_sourceDestCheck + - ec2_spot_instance_request_id + - ec2_state + - ec2_state_code + - ec2_state_reason + - ec2_status + - ec2_subnet_id + - ec2_tenancy + - ec2_virtualization_type + - ec2_vpc_id + +These variables are pulled out of a boto.ec2.instance object. There is a lack of +consistency with variable spellings (camelCase and underscores) since this +just loops through all variables the object exposes. It is preferred to use the +ones with underscores when multiple exist. + +In addition, if an instance has AWS Tags associated with it, each tag is a new +variable named: + - ec2_tag_[Key] = [Value] + +Security groups are comma-separated in 'ec2_security_group_ids' and +'ec2_security_group_names'. +''' + +# (c) 2012, Peter Sankauskas +# +# This file is part of Ansible, +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see . 
+ +###################################################################### + +import sys +import os +import argparse +import re +from time import time +import boto +from boto import ec2 +from boto import rds +from boto import elasticache +from boto import route53 +from boto import sts +import six + +from ansible.module_utils import ec2 as ec2_utils + +HAS_BOTO3 = False +try: + import boto3 + HAS_BOTO3 = True +except ImportError: + pass + +from six.moves import configparser +from collections import defaultdict + +try: + import json +except ImportError: + import simplejson as json + + +class Ec2Inventory(object): + + def _empty_inventory(self): + return {"_meta": {"hostvars": {}}} + + def __init__(self): + ''' Main execution path ''' + + # Inventory grouped by instance IDs, tags, security groups, regions, + # and availability zones + self.inventory = self._empty_inventory() + + self.aws_account_id = None + + # Index of hostname (address) to instance ID + self.index = {} + + # Boto profile to use (if any) + self.boto_profile = None + + # AWS credentials. 
+ self.credentials = {} + + # Read settings and parse CLI arguments + self.parse_cli_args() + self.read_settings() + + # Make sure that profile_name is not passed at all if not set + # as pre 2.24 boto will fall over otherwise + if self.boto_profile: + if not hasattr(boto.ec2.EC2Connection, 'profile_name'): + self.fail_with_error("boto version must be >= 2.24 to use profile") + + # Cache + if self.args.refresh_cache: + self.do_api_calls_update_cache() + elif not self.is_cache_valid(): + self.do_api_calls_update_cache() + + # Data to print + if self.args.host: + data_to_print = self.get_host_info() + + elif self.args.list: + # Display list of instances for inventory + if self.inventory == self._empty_inventory(): + data_to_print = self.get_inventory_from_cache() + else: + data_to_print = self.json_format_dict(self.inventory, True) + + print(data_to_print) + + def is_cache_valid(self): + ''' Determines if the cache files have expired, or if it is still valid ''' + + if os.path.isfile(self.cache_path_cache): + mod_time = os.path.getmtime(self.cache_path_cache) + current_time = time() + if (mod_time + self.cache_max_age) > current_time: + if os.path.isfile(self.cache_path_index): + return True + + return False + + def read_settings(self): + ''' Reads the settings from the ec2.ini file ''' + + scriptbasename = __file__ + scriptbasename = os.path.basename(scriptbasename) + scriptbasename = scriptbasename.replace('.py', '') + + defaults = { + 'ec2': { + 'ini_path': os.path.join(os.path.dirname(__file__), '%s.ini' % scriptbasename) + } + } + + if six.PY3: + config = configparser.ConfigParser() + else: + config = configparser.SafeConfigParser() + ec2_ini_path = os.environ.get('EC2_INI_PATH', defaults['ec2']['ini_path']) + ec2_ini_path = os.path.expanduser(os.path.expandvars(ec2_ini_path)) + config.read(ec2_ini_path) + + # is eucalyptus? 
+ self.eucalyptus_host = None + self.eucalyptus = False + if config.has_option('ec2', 'eucalyptus'): + self.eucalyptus = config.getboolean('ec2', 'eucalyptus') + if self.eucalyptus and config.has_option('ec2', 'eucalyptus_host'): + self.eucalyptus_host = config.get('ec2', 'eucalyptus_host') + + # Regions + self.regions = [] + configRegions = config.get('ec2', 'regions') + if (configRegions == 'all'): + if self.eucalyptus_host: + self.regions.append(boto.connect_euca(host=self.eucalyptus_host).region.name, **self.credentials) + else: + configRegions_exclude = config.get('ec2', 'regions_exclude') + for regionInfo in ec2.regions(): + if regionInfo.name not in configRegions_exclude: + self.regions.append(regionInfo.name) + else: + self.regions = configRegions.split(",") + if 'auto' in self.regions: + env_region = os.environ.get('AWS_REGION') + if env_region is None: + env_region = os.environ.get('AWS_DEFAULT_REGION') + self.regions = [env_region] + + # Destination addresses + self.destination_variable = config.get('ec2', 'destination_variable') + self.vpc_destination_variable = config.get('ec2', 'vpc_destination_variable') + + if config.has_option('ec2', 'hostname_variable'): + self.hostname_variable = config.get('ec2', 'hostname_variable') + else: + self.hostname_variable = None + + if config.has_option('ec2', 'destination_format') and \ + config.has_option('ec2', 'destination_format_tags'): + self.destination_format = config.get('ec2', 'destination_format') + self.destination_format_tags = config.get('ec2', 'destination_format_tags').split(',') + else: + self.destination_format = None + self.destination_format_tags = None + + # Route53 + self.route53_enabled = config.getboolean('ec2', 'route53') + if config.has_option('ec2', 'route53_hostnames'): + self.route53_hostnames = config.get('ec2', 'route53_hostnames') + else: + self.route53_hostnames = None + self.route53_excluded_zones = [] + if config.has_option('ec2', 'route53_excluded_zones'): + 
self.route53_excluded_zones.extend( + config.get('ec2', 'route53_excluded_zones', '').split(',')) + + # Include RDS instances? + self.rds_enabled = True + if config.has_option('ec2', 'rds'): + self.rds_enabled = config.getboolean('ec2', 'rds') + + # Include RDS cluster instances? + if config.has_option('ec2', 'include_rds_clusters'): + self.include_rds_clusters = config.getboolean('ec2', 'include_rds_clusters') + else: + self.include_rds_clusters = False + + # Include ElastiCache instances? + self.elasticache_enabled = True + if config.has_option('ec2', 'elasticache'): + self.elasticache_enabled = config.getboolean('ec2', 'elasticache') + + # Return all EC2 instances? + if config.has_option('ec2', 'all_instances'): + self.all_instances = config.getboolean('ec2', 'all_instances') + else: + self.all_instances = False + + # Instance states to be gathered in inventory. Default is 'running'. + # Setting 'all_instances' to 'yes' overrides this option. + ec2_valid_instance_states = [ + 'pending', + 'running', + 'shutting-down', + 'terminated', + 'stopping', + 'stopped' + ] + self.ec2_instance_states = [] + if self.all_instances: + self.ec2_instance_states = ec2_valid_instance_states + elif config.has_option('ec2', 'instance_states'): + for instance_state in config.get('ec2', 'instance_states').split(','): + instance_state = instance_state.strip() + if instance_state not in ec2_valid_instance_states: + continue + self.ec2_instance_states.append(instance_state) + else: + self.ec2_instance_states = ['running'] + + # Return all RDS instances? (if RDS is enabled) + if config.has_option('ec2', 'all_rds_instances') and self.rds_enabled: + self.all_rds_instances = config.getboolean('ec2', 'all_rds_instances') + else: + self.all_rds_instances = False + + # Return all ElastiCache replication groups? 
(if ElastiCache is enabled) + if config.has_option('ec2', 'all_elasticache_replication_groups') and self.elasticache_enabled: + self.all_elasticache_replication_groups = config.getboolean('ec2', 'all_elasticache_replication_groups') + else: + self.all_elasticache_replication_groups = False + + # Return all ElastiCache clusters? (if ElastiCache is enabled) + if config.has_option('ec2', 'all_elasticache_clusters') and self.elasticache_enabled: + self.all_elasticache_clusters = config.getboolean('ec2', 'all_elasticache_clusters') + else: + self.all_elasticache_clusters = False + + # Return all ElastiCache nodes? (if ElastiCache is enabled) + if config.has_option('ec2', 'all_elasticache_nodes') and self.elasticache_enabled: + self.all_elasticache_nodes = config.getboolean('ec2', 'all_elasticache_nodes') + else: + self.all_elasticache_nodes = False + + # boto configuration profile (prefer CLI argument then environment variables then config file) + self.boto_profile = self.args.boto_profile or os.environ.get('AWS_PROFILE') + if config.has_option('ec2', 'boto_profile') and not self.boto_profile: + self.boto_profile = config.get('ec2', 'boto_profile') + + # AWS credentials (prefer environment variables) + if not (self.boto_profile or os.environ.get('AWS_ACCESS_KEY_ID') or + os.environ.get('AWS_PROFILE')): + if config.has_option('credentials', 'aws_access_key_id'): + aws_access_key_id = config.get('credentials', 'aws_access_key_id') + else: + aws_access_key_id = None + if config.has_option('credentials', 'aws_secret_access_key'): + aws_secret_access_key = config.get('credentials', 'aws_secret_access_key') + else: + aws_secret_access_key = None + if config.has_option('credentials', 'aws_security_token'): + aws_security_token = config.get('credentials', 'aws_security_token') + else: + aws_security_token = None + if aws_access_key_id: + self.credentials = { + 'aws_access_key_id': aws_access_key_id, + 'aws_secret_access_key': aws_secret_access_key + } + if aws_security_token: + 
self.credentials['security_token'] = aws_security_token + + # Cache related + cache_dir = os.path.expanduser(config.get('ec2', 'cache_path')) + if self.boto_profile: + cache_dir = os.path.join(cache_dir, 'profile_' + self.boto_profile) + if not os.path.exists(cache_dir): + os.makedirs(cache_dir) + + cache_name = 'ansible-ec2' + cache_id = self.boto_profile or os.environ.get('AWS_ACCESS_KEY_ID', self.credentials.get('aws_access_key_id')) + if cache_id: + cache_name = '%s-%s' % (cache_name, cache_id) + self.cache_path_cache = os.path.join(cache_dir, "%s.cache" % cache_name) + self.cache_path_index = os.path.join(cache_dir, "%s.index" % cache_name) + self.cache_max_age = config.getint('ec2', 'cache_max_age') + + if config.has_option('ec2', 'expand_csv_tags'): + self.expand_csv_tags = config.getboolean('ec2', 'expand_csv_tags') + else: + self.expand_csv_tags = False + + # Configure nested groups instead of flat namespace. + if config.has_option('ec2', 'nested_groups'): + self.nested_groups = config.getboolean('ec2', 'nested_groups') + else: + self.nested_groups = False + + # Replace dash or not in group names + if config.has_option('ec2', 'replace_dash_in_groups'): + self.replace_dash_in_groups = config.getboolean('ec2', 'replace_dash_in_groups') + else: + self.replace_dash_in_groups = True + + # IAM role to assume for connection + if config.has_option('ec2', 'iam_role'): + self.iam_role = config.get('ec2', 'iam_role') + else: + self.iam_role = None + + # Configure which groups should be created. 
+ group_by_options = [ + 'group_by_instance_id', + 'group_by_region', + 'group_by_availability_zone', + 'group_by_ami_id', + 'group_by_instance_type', + 'group_by_instance_state', + 'group_by_key_pair', + 'group_by_vpc_id', + 'group_by_security_group', + 'group_by_tag_keys', + 'group_by_tag_none', + 'group_by_route53_names', + 'group_by_rds_engine', + 'group_by_rds_parameter_group', + 'group_by_elasticache_engine', + 'group_by_elasticache_cluster', + 'group_by_elasticache_parameter_group', + 'group_by_elasticache_replication_group', + 'group_by_aws_account', + ] + for option in group_by_options: + if config.has_option('ec2', option): + setattr(self, option, config.getboolean('ec2', option)) + else: + setattr(self, option, True) + + # Do we need to just include hosts that match a pattern? + try: + pattern_include = config.get('ec2', 'pattern_include') + if pattern_include and len(pattern_include) > 0: + self.pattern_include = re.compile(pattern_include) + else: + self.pattern_include = None + except configparser.NoOptionError: + self.pattern_include = None + + # Do we need to exclude hosts that match a pattern? + try: + pattern_exclude = config.get('ec2', 'pattern_exclude') + if pattern_exclude and len(pattern_exclude) > 0: + self.pattern_exclude = re.compile(pattern_exclude) + else: + self.pattern_exclude = None + except configparser.NoOptionError: + self.pattern_exclude = None + + # Do we want to stack multiple filters? + if config.has_option('ec2', 'stack_filters'): + self.stack_filters = config.getboolean('ec2', 'stack_filters') + else: + self.stack_filters = False + + # Instance filters (see boto and EC2 API docs). Ignore invalid filters. 
+ self.ec2_instance_filters = defaultdict(list) + if config.has_option('ec2', 'instance_filters'): + + filters = [f for f in config.get('ec2', 'instance_filters').split(',') if f] + + for instance_filter in filters: + instance_filter = instance_filter.strip() + if not instance_filter or '=' not in instance_filter: + continue + filter_key, filter_value = [x.strip() for x in instance_filter.split('=', 1)] + if not filter_key: + continue + self.ec2_instance_filters[filter_key].append(filter_value) + + def parse_cli_args(self): + ''' Command line argument processing ''' + + parser = argparse.ArgumentParser(description='Produce an Ansible Inventory file based on EC2') + parser.add_argument('--list', action='store_true', default=True, + help='List instances (default: True)') + parser.add_argument('--host', action='store', + help='Get all the variables about a specific instance') + parser.add_argument('--refresh-cache', action='store_true', default=False, + help='Force refresh of cache by making API requests to EC2 (default: False - use cache files)') + parser.add_argument('--profile', '--boto-profile', action='store', dest='boto_profile', + help='Use boto profile for connections to EC2') + self.args = parser.parse_args() + + def do_api_calls_update_cache(self): + ''' Do API calls to each region, and save data in cache files ''' + + if self.route53_enabled: + self.get_route53_records() + + for region in self.regions: + self.get_instances_by_region(region) + if self.rds_enabled: + self.get_rds_instances_by_region(region) + if self.elasticache_enabled: + self.get_elasticache_clusters_by_region(region) + self.get_elasticache_replication_groups_by_region(region) + if self.include_rds_clusters: + self.include_rds_clusters_by_region(region) + + self.write_to_cache(self.inventory, self.cache_path_cache) + self.write_to_cache(self.index, self.cache_path_index) + + def connect(self, region): + ''' create connection to api server''' + if self.eucalyptus: + conn = 
boto.connect_euca(host=self.eucalyptus_host, **self.credentials) + conn.APIVersion = '2010-08-31' + else: + conn = self.connect_to_aws(ec2, region) + return conn + + def boto_fix_security_token_in_profile(self, connect_args): + ''' monkey patch for boto issue boto/boto#2100 ''' + profile = 'profile ' + self.boto_profile + if boto.config.has_option(profile, 'aws_security_token'): + connect_args['security_token'] = boto.config.get(profile, 'aws_security_token') + return connect_args + + def connect_to_aws(self, module, region): + connect_args = self.credentials + + # only pass the profile name if it's set (as it is not supported by older boto versions) + if self.boto_profile: + connect_args['profile_name'] = self.boto_profile + self.boto_fix_security_token_in_profile(connect_args) + + if self.iam_role: + sts_conn = sts.connect_to_region(region, **connect_args) + role = sts_conn.assume_role(self.iam_role, 'ansible_dynamic_inventory') + connect_args['aws_access_key_id'] = role.credentials.access_key + connect_args['aws_secret_access_key'] = role.credentials.secret_key + connect_args['security_token'] = role.credentials.session_token + + conn = module.connect_to_region(region, **connect_args) + # connect_to_region will fail "silently" by returning None if the region name is wrong or not supported + if conn is None: + self.fail_with_error("region name: %s likely not supported, or AWS is down. connection to region failed." 
% region) + return conn + + def get_instances_by_region(self, region): + ''' Makes an AWS EC2 API call to the list of instances in a particular + region ''' + + try: + conn = self.connect(region) + reservations = [] + if self.ec2_instance_filters: + if self.stack_filters: + filters_dict = {} + for filter_key, filter_values in self.ec2_instance_filters.items(): + filters_dict[filter_key] = filter_values + reservations.extend(conn.get_all_instances(filters=filters_dict)) + else: + for filter_key, filter_values in self.ec2_instance_filters.items(): + reservations.extend(conn.get_all_instances(filters={filter_key: filter_values})) + else: + reservations = conn.get_all_instances() + + # Pull the tags back in a second step + # AWS are on record as saying that the tags fetched in the first `get_all_instances` request are not + # reliable and may be missing, and the only way to guarantee they are there is by calling `get_all_tags` + instance_ids = [] + for reservation in reservations: + instance_ids.extend([instance.id for instance in reservation.instances]) + + max_filter_value = 199 + tags = [] + for i in range(0, len(instance_ids), max_filter_value): + tags.extend(conn.get_all_tags(filters={'resource-type': 'instance', 'resource-id': instance_ids[i:i + max_filter_value]})) + + tags_by_instance_id = defaultdict(dict) + for tag in tags: + tags_by_instance_id[tag.res_id][tag.name] = tag.value + + if (not self.aws_account_id) and reservations: + self.aws_account_id = reservations[0].owner_id + + for reservation in reservations: + for instance in reservation.instances: + instance.tags = tags_by_instance_id[instance.id] + self.add_instance(instance, region) + + except boto.exception.BotoServerError as e: + if e.error_code == 'AuthFailure': + error = self.get_auth_error_message() + else: + backend = 'Eucalyptus' if self.eucalyptus else 'AWS' + error = "Error connecting to %s backend.\n%s" % (backend, e.message) + self.fail_with_error(error, 'getting EC2 instances') + + def 
get_rds_instances_by_region(self, region): + ''' Makes an AWS API call to the list of RDS instances in a particular + region ''' + + if not HAS_BOTO3: + self.fail_with_error("Working with RDS instances requires boto3 - please install boto3 and try again", + "getting RDS instances") + + client = ec2_utils.boto3_inventory_conn('client', 'rds', region, **self.credentials) + db_instances = client.describe_db_instances() + + try: + conn = self.connect_to_aws(rds, region) + if conn: + marker = None + while True: + instances = conn.get_all_dbinstances(marker=marker) + marker = instances.marker + for index, instance in enumerate(instances): + # Add tags to instances. + instance.arn = db_instances['DBInstances'][index]['DBInstanceArn'] + tags = client.list_tags_for_resource(ResourceName=instance.arn)['TagList'] + instance.tags = {} + for tag in tags: + instance.tags[tag['Key']] = tag['Value'] + + self.add_rds_instance(instance, region) + if not marker: + break + except boto.exception.BotoServerError as e: + error = e.reason + + if e.error_code == 'AuthFailure': + error = self.get_auth_error_message() + if not e.reason == "Forbidden": + error = "Looks like AWS RDS is down:\n%s" % e.message + self.fail_with_error(error, 'getting RDS instances') + + def include_rds_clusters_by_region(self, region): + if not HAS_BOTO3: + self.fail_with_error("Working with RDS clusters requires boto3 - please install boto3 and try again", + "getting RDS clusters") + + client = ec2_utils.boto3_inventory_conn('client', 'rds', region, **self.credentials) + + marker, clusters = '', [] + while marker is not None: + resp = client.describe_db_clusters(Marker=marker) + clusters.extend(resp["DBClusters"]) + marker = resp.get('Marker', None) + + account_id = boto.connect_iam().get_user().arn.split(':')[4] + c_dict = {} + for c in clusters: + # remove these datetime objects as there is no serialisation to json + # currently in place and we don't need the data yet + if 'EarliestRestorableTime' in c: + del 
c['EarliestRestorableTime'] + if 'LatestRestorableTime' in c: + del c['LatestRestorableTime'] + + if self.ec2_instance_filters == {}: + matches_filter = True + else: + matches_filter = False + + try: + # arn:aws:rds:::: + tags = client.list_tags_for_resource( + ResourceName='arn:aws:rds:' + region + ':' + account_id + ':cluster:' + c['DBClusterIdentifier']) + c['Tags'] = tags['TagList'] + + if self.ec2_instance_filters: + for filter_key, filter_values in self.ec2_instance_filters.items(): + # get AWS tag key e.g. tag:env will be 'env' + tag_name = filter_key.split(":", 1)[1] + # Filter values is a list (if you put multiple values for the same tag name) + matches_filter = any(d['Key'] == tag_name and d['Value'] in filter_values for d in c['Tags']) + + if matches_filter: + # it matches a filter, so stop looking for further matches + break + + except Exception as e: + if e.message.find('DBInstanceNotFound') >= 0: + # AWS RDS bug (2016-01-06) means deletion does not fully complete and leave an 'empty' cluster. + # Ignore errors when trying to find tags for these + pass + + # ignore empty clusters caused by AWS bug + if len(c['DBClusterMembers']) == 0: + continue + elif matches_filter: + c_dict[c['DBClusterIdentifier']] = c + + self.inventory['db_clusters'] = c_dict + + def get_elasticache_clusters_by_region(self, region): + ''' Makes an AWS API call to the list of ElastiCache clusters (with + nodes' info) in a particular region.''' + + # ElastiCache boto module doesn't provide a get_all_intances method, + # that's why we need to call describe directly (it would be called by + # the shorthand method anyway...) 
+ try: + conn = self.connect_to_aws(elasticache, region) + if conn: + # show_cache_node_info = True + # because we also want nodes' information + response = conn.describe_cache_clusters(None, None, None, True) + + except boto.exception.BotoServerError as e: + error = e.reason + + if e.error_code == 'AuthFailure': + error = self.get_auth_error_message() + if not e.reason == "Forbidden": + error = "Looks like AWS ElastiCache is down:\n%s" % e.message + self.fail_with_error(error, 'getting ElastiCache clusters') + + try: + # Boto also doesn't provide wrapper classes to CacheClusters or + # CacheNodes. Because of that we can't make use of the get_list + # method in the AWSQueryConnection. Let's do the work manually + clusters = response['DescribeCacheClustersResponse']['DescribeCacheClustersResult']['CacheClusters'] + + except KeyError as e: + error = "ElastiCache query to AWS failed (unexpected format)." + self.fail_with_error(error, 'getting ElastiCache clusters') + + for cluster in clusters: + self.add_elasticache_cluster(cluster, region) + + def get_elasticache_replication_groups_by_region(self, region): + ''' Makes an AWS API call to the list of ElastiCache replication groups + in a particular region.''' + + # ElastiCache boto module doesn't provide a get_all_intances method, + # that's why we need to call describe directly (it would be called by + # the shorthand method anyway...) 
+ try: + conn = self.connect_to_aws(elasticache, region) + if conn: + response = conn.describe_replication_groups() + + except boto.exception.BotoServerError as e: + error = e.reason + + if e.error_code == 'AuthFailure': + error = self.get_auth_error_message() + if not e.reason == "Forbidden": + error = "Looks like AWS ElastiCache [Replication Groups] is down:\n%s" % e.message + self.fail_with_error(error, 'getting ElastiCache clusters') + + try: + # Boto also doesn't provide wrapper classes to ReplicationGroups + # Because of that we can't make use of the get_list method in the + # AWSQueryConnection. Let's do the work manually + replication_groups = response['DescribeReplicationGroupsResponse']['DescribeReplicationGroupsResult']['ReplicationGroups'] + + except KeyError as e: + error = "ElastiCache [Replication Groups] query to AWS failed (unexpected format)." + self.fail_with_error(error, 'getting ElastiCache clusters') + + for replication_group in replication_groups: + self.add_elasticache_replication_group(replication_group, region) + + def get_auth_error_message(self): + ''' create an informative error message if there is an issue authenticating''' + errors = ["Authentication error retrieving ec2 inventory."] + if None in [os.environ.get('AWS_ACCESS_KEY_ID'), os.environ.get('AWS_SECRET_ACCESS_KEY')]: + errors.append(' - No AWS_ACCESS_KEY_ID or AWS_SECRET_ACCESS_KEY environment vars found') + else: + errors.append(' - AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment vars found but may not be correct') + + boto_paths = ['/etc/boto.cfg', '~/.boto', '~/.aws/credentials'] + boto_config_found = list(p for p in boto_paths if os.path.isfile(os.path.expanduser(p))) + if len(boto_config_found) > 0: + errors.append(" - Boto configs found at '%s', but the credentials contained may not be correct" % ', '.join(boto_config_found)) + else: + errors.append(" - No Boto config found at any expected location '%s'" % ', '.join(boto_paths)) + + return '\n'.join(errors) + + 
def fail_with_error(self, err_msg, err_operation=None): + '''log an error to std err for ansible-playbook to consume and exit''' + if err_operation: + err_msg = 'ERROR: "{err_msg}", while: {err_operation}'.format( + err_msg=err_msg, err_operation=err_operation) + sys.stderr.write(err_msg) + sys.exit(1) + + def get_instance(self, region, instance_id): + conn = self.connect(region) + + reservations = conn.get_all_instances([instance_id]) + for reservation in reservations: + for instance in reservation.instances: + return instance + + def add_instance(self, instance, region): + ''' Adds an instance to the inventory and index, as long as it is + addressable ''' + + # Only return instances with desired instance states + if instance.state not in self.ec2_instance_states: + return + + # Select the best destination address + if self.destination_format and self.destination_format_tags: + dest = self.destination_format.format(*[getattr(instance, 'tags').get(tag, '') for tag in self.destination_format_tags]) + elif instance.subnet_id: + dest = getattr(instance, self.vpc_destination_variable, None) + if dest is None: + dest = getattr(instance, 'tags').get(self.vpc_destination_variable, None) + else: + dest = getattr(instance, self.destination_variable, None) + if dest is None: + dest = getattr(instance, 'tags').get(self.destination_variable, None) + + if not dest: + # Skip instances we cannot address (e.g. 
private VPC subnet) + return + + # Set the inventory name + hostname = None + if self.hostname_variable: + if self.hostname_variable.startswith('tag_'): + hostname = instance.tags.get(self.hostname_variable[4:], None) + else: + hostname = getattr(instance, self.hostname_variable) + + # set the hostname from route53 + if self.route53_enabled and self.route53_hostnames: + route53_names = self.get_instance_route53_names(instance) + for name in route53_names: + if name.endswith(self.route53_hostnames): + hostname = name + + # If we can't get a nice hostname, use the destination address + if not hostname: + hostname = dest + # to_safe strips hostname characters like dots, so don't strip route53 hostnames + elif self.route53_enabled and self.route53_hostnames and hostname.endswith(self.route53_hostnames): + hostname = hostname.lower() + else: + hostname = self.to_safe(hostname).lower() + + # if we only want to include hosts that match a pattern, skip those that don't + if self.pattern_include and not self.pattern_include.match(hostname): + return + + # if we need to exclude hosts that match a pattern, skip those + if self.pattern_exclude and self.pattern_exclude.match(hostname): + return + + # Add to index + self.index[hostname] = [region, instance.id] + + # Inventory: Group by instance ID (always a group of 1) + if self.group_by_instance_id: + self.inventory[instance.id] = [hostname] + if self.nested_groups: + self.push_group(self.inventory, 'instances', instance.id) + + # Inventory: Group by region + if self.group_by_region: + self.push(self.inventory, region, hostname) + if self.nested_groups: + self.push_group(self.inventory, 'regions', region) + + # Inventory: Group by availability zone + if self.group_by_availability_zone: + self.push(self.inventory, instance.placement, hostname) + if self.nested_groups: + if self.group_by_region: + self.push_group(self.inventory, region, instance.placement) + self.push_group(self.inventory, 'zones', instance.placement) + + # 
Inventory: Group by Amazon Machine Image (AMI) ID + if self.group_by_ami_id: + ami_id = self.to_safe(instance.image_id) + self.push(self.inventory, ami_id, hostname) + if self.nested_groups: + self.push_group(self.inventory, 'images', ami_id) + + # Inventory: Group by instance type + if self.group_by_instance_type: + type_name = self.to_safe('type_' + instance.instance_type) + self.push(self.inventory, type_name, hostname) + if self.nested_groups: + self.push_group(self.inventory, 'types', type_name) + + # Inventory: Group by instance state + if self.group_by_instance_state: + state_name = self.to_safe('instance_state_' + instance.state) + self.push(self.inventory, state_name, hostname) + if self.nested_groups: + self.push_group(self.inventory, 'instance_states', state_name) + + # Inventory: Group by key pair + if self.group_by_key_pair and instance.key_name: + key_name = self.to_safe('key_' + instance.key_name) + self.push(self.inventory, key_name, hostname) + if self.nested_groups: + self.push_group(self.inventory, 'keys', key_name) + + # Inventory: Group by VPC + if self.group_by_vpc_id and instance.vpc_id: + vpc_id_name = self.to_safe('vpc_id_' + instance.vpc_id) + self.push(self.inventory, vpc_id_name, hostname) + if self.nested_groups: + self.push_group(self.inventory, 'vpcs', vpc_id_name) + + # Inventory: Group by security group + if self.group_by_security_group: + try: + for group in instance.groups: + key = self.to_safe("security_group_" + group.name) + self.push(self.inventory, key, hostname) + if self.nested_groups: + self.push_group(self.inventory, 'security_groups', key) + except AttributeError: + self.fail_with_error('\n'.join(['Package boto seems a bit older.', + 'Please upgrade boto >= 2.3.0.'])) + + # Inventory: Group by AWS account ID + if self.group_by_aws_account: + self.push(self.inventory, self.aws_account_id, dest) + if self.nested_groups: + self.push_group(self.inventory, 'accounts', self.aws_account_id) + + # Inventory: Group by tag keys + 
if self.group_by_tag_keys: + for k, v in instance.tags.items(): + if self.expand_csv_tags and v and ',' in v: + values = map(lambda x: x.strip(), v.split(',')) + else: + values = [v] + + for v in values: + if v: + key = self.to_safe("tag_" + k + "=" + v) + else: + key = self.to_safe("tag_" + k) + self.push(self.inventory, key, hostname) + if self.nested_groups: + self.push_group(self.inventory, 'tags', self.to_safe("tag_" + k)) + if v: + self.push_group(self.inventory, self.to_safe("tag_" + k), key) + + # Inventory: Group by Route53 domain names if enabled + if self.route53_enabled and self.group_by_route53_names: + route53_names = self.get_instance_route53_names(instance) + for name in route53_names: + self.push(self.inventory, name, hostname) + if self.nested_groups: + self.push_group(self.inventory, 'route53', name) + + # Global Tag: instances without tags + if self.group_by_tag_none and len(instance.tags) == 0: + self.push(self.inventory, 'tag_none', hostname) + if self.nested_groups: + self.push_group(self.inventory, 'tags', 'tag_none') + + # Global Tag: tag all EC2 instances + self.push(self.inventory, 'ec2', hostname) + + self.inventory["_meta"]["hostvars"][hostname] = self.get_host_info_dict_from_instance(instance) + self.inventory["_meta"]["hostvars"][hostname]['ansible_ssh_host'] = dest + + def add_rds_instance(self, instance, region): + ''' Adds an RDS instance to the inventory and index, as long as it is + addressable ''' + + # Only want available instances unless all_rds_instances is True + if not self.all_rds_instances and instance.status != 'available': + return + + # Select the best destination address + dest = instance.endpoint[0] + + if not dest: + # Skip instances we cannot address (e.g. 
private VPC subnet) + return + + # Set the inventory name + hostname = None + if self.hostname_variable: + if self.hostname_variable.startswith('tag_'): + hostname = instance.tags.get(self.hostname_variable[4:], None) + else: + hostname = getattr(instance, self.hostname_variable) + + # If we can't get a nice hostname, use the destination address + if not hostname: + hostname = dest + + hostname = self.to_safe(hostname).lower() + + # Add to index + self.index[hostname] = [region, instance.id] + + # Inventory: Group by instance ID (always a group of 1) + if self.group_by_instance_id: + self.inventory[instance.id] = [hostname] + if self.nested_groups: + self.push_group(self.inventory, 'instances', instance.id) + + # Inventory: Group by region + if self.group_by_region: + self.push(self.inventory, region, hostname) + if self.nested_groups: + self.push_group(self.inventory, 'regions', region) + + # Inventory: Group by availability zone + if self.group_by_availability_zone: + self.push(self.inventory, instance.availability_zone, hostname) + if self.nested_groups: + if self.group_by_region: + self.push_group(self.inventory, region, instance.availability_zone) + self.push_group(self.inventory, 'zones', instance.availability_zone) + + # Inventory: Group by instance type + if self.group_by_instance_type: + type_name = self.to_safe('type_' + instance.instance_class) + self.push(self.inventory, type_name, hostname) + if self.nested_groups: + self.push_group(self.inventory, 'types', type_name) + + # Inventory: Group by VPC + if self.group_by_vpc_id and instance.subnet_group and instance.subnet_group.vpc_id: + vpc_id_name = self.to_safe('vpc_id_' + instance.subnet_group.vpc_id) + self.push(self.inventory, vpc_id_name, hostname) + if self.nested_groups: + self.push_group(self.inventory, 'vpcs', vpc_id_name) + + # Inventory: Group by security group + if self.group_by_security_group: + try: + if instance.security_group: + key = self.to_safe("security_group_" + 
instance.security_group.name) + self.push(self.inventory, key, hostname) + if self.nested_groups: + self.push_group(self.inventory, 'security_groups', key) + + except AttributeError: + self.fail_with_error('\n'.join(['Package boto seems a bit older.', + 'Please upgrade boto >= 2.3.0.'])) + + # Inventory: Group by engine + if self.group_by_rds_engine: + self.push(self.inventory, self.to_safe("rds_" + instance.engine), hostname) + if self.nested_groups: + self.push_group(self.inventory, 'rds_engines', self.to_safe("rds_" + instance.engine)) + + # Inventory: Group by parameter group + if self.group_by_rds_parameter_group: + self.push(self.inventory, self.to_safe("rds_parameter_group_" + instance.parameter_group.name), hostname) + if self.nested_groups: + self.push_group(self.inventory, 'rds_parameter_groups', self.to_safe("rds_parameter_group_" + instance.parameter_group.name)) + + # Global Tag: all RDS instances + self.push(self.inventory, 'rds', hostname) + + self.inventory["_meta"]["hostvars"][hostname] = self.get_host_info_dict_from_instance(instance) + self.inventory["_meta"]["hostvars"][hostname]['ansible_ssh_host'] = dest + + def add_elasticache_cluster(self, cluster, region): + ''' Adds an ElastiCache cluster to the inventory and index, as long as + it's nodes are addressable ''' + + # Only want available clusters unless all_elasticache_clusters is True + if not self.all_elasticache_clusters and cluster['CacheClusterStatus'] != 'available': + return + + # Select the best destination address + if 'ConfigurationEndpoint' in cluster and cluster['ConfigurationEndpoint']: + # Memcached cluster + dest = cluster['ConfigurationEndpoint']['Address'] + is_redis = False + else: + # Redis sigle node cluster + # Because all Redis clusters are single nodes, we'll merge the + # info from the cluster with info about the node + dest = cluster['CacheNodes'][0]['Endpoint']['Address'] + is_redis = True + + if not dest: + # Skip clusters we cannot address (e.g. 
private VPC subnet) + return + + # Add to index + self.index[dest] = [region, cluster['CacheClusterId']] + + # Inventory: Group by instance ID (always a group of 1) + if self.group_by_instance_id: + self.inventory[cluster['CacheClusterId']] = [dest] + if self.nested_groups: + self.push_group(self.inventory, 'instances', cluster['CacheClusterId']) + + # Inventory: Group by region + if self.group_by_region and not is_redis: + self.push(self.inventory, region, dest) + if self.nested_groups: + self.push_group(self.inventory, 'regions', region) + + # Inventory: Group by availability zone + if self.group_by_availability_zone and not is_redis: + self.push(self.inventory, cluster['PreferredAvailabilityZone'], dest) + if self.nested_groups: + if self.group_by_region: + self.push_group(self.inventory, region, cluster['PreferredAvailabilityZone']) + self.push_group(self.inventory, 'zones', cluster['PreferredAvailabilityZone']) + + # Inventory: Group by node type + if self.group_by_instance_type and not is_redis: + type_name = self.to_safe('type_' + cluster['CacheNodeType']) + self.push(self.inventory, type_name, dest) + if self.nested_groups: + self.push_group(self.inventory, 'types', type_name) + + # Inventory: Group by VPC (information not available in the current + # AWS API version for ElastiCache) + + # Inventory: Group by security group + if self.group_by_security_group and not is_redis: + + # Check for the existence of the 'SecurityGroups' key and also if + # this key has some value. When the cluster is not placed in a SG + # the query can return None here and cause an error. 
+ if 'SecurityGroups' in cluster and cluster['SecurityGroups'] is not None: + for security_group in cluster['SecurityGroups']: + key = self.to_safe("security_group_" + security_group['SecurityGroupId']) + self.push(self.inventory, key, dest) + if self.nested_groups: + self.push_group(self.inventory, 'security_groups', key) + + # Inventory: Group by engine + if self.group_by_elasticache_engine and not is_redis: + self.push(self.inventory, self.to_safe("elasticache_" + cluster['Engine']), dest) + if self.nested_groups: + self.push_group(self.inventory, 'elasticache_engines', self.to_safe(cluster['Engine'])) + + # Inventory: Group by parameter group + if self.group_by_elasticache_parameter_group: + self.push(self.inventory, self.to_safe("elasticache_parameter_group_" + cluster['CacheParameterGroup']['CacheParameterGroupName']), dest) + if self.nested_groups: + self.push_group(self.inventory, 'elasticache_parameter_groups', self.to_safe(cluster['CacheParameterGroup']['CacheParameterGroupName'])) + + # Inventory: Group by replication group + if self.group_by_elasticache_replication_group and 'ReplicationGroupId' in cluster and cluster['ReplicationGroupId']: + self.push(self.inventory, self.to_safe("elasticache_replication_group_" + cluster['ReplicationGroupId']), dest) + if self.nested_groups: + self.push_group(self.inventory, 'elasticache_replication_groups', self.to_safe(cluster['ReplicationGroupId'])) + + # Global Tag: all ElastiCache clusters + self.push(self.inventory, 'elasticache_clusters', cluster['CacheClusterId']) + + host_info = self.get_host_info_dict_from_describe_dict(cluster) + + self.inventory["_meta"]["hostvars"][dest] = host_info + + # Add the nodes + for node in cluster['CacheNodes']: + self.add_elasticache_node(node, cluster, region) + + def add_elasticache_node(self, node, cluster, region): + ''' Adds an ElastiCache node to the inventory and index, as long as + it is addressable ''' + + # Only want available nodes unless all_elasticache_nodes is 
True + if not self.all_elasticache_nodes and node['CacheNodeStatus'] != 'available': + return + + # Select the best destination address + dest = node['Endpoint']['Address'] + + if not dest: + # Skip nodes we cannot address (e.g. private VPC subnet) + return + + node_id = self.to_safe(cluster['CacheClusterId'] + '_' + node['CacheNodeId']) + + # Add to index + self.index[dest] = [region, node_id] + + # Inventory: Group by node ID (always a group of 1) + if self.group_by_instance_id: + self.inventory[node_id] = [dest] + if self.nested_groups: + self.push_group(self.inventory, 'instances', node_id) + + # Inventory: Group by region + if self.group_by_region: + self.push(self.inventory, region, dest) + if self.nested_groups: + self.push_group(self.inventory, 'regions', region) + + # Inventory: Group by availability zone + if self.group_by_availability_zone: + self.push(self.inventory, cluster['PreferredAvailabilityZone'], dest) + if self.nested_groups: + if self.group_by_region: + self.push_group(self.inventory, region, cluster['PreferredAvailabilityZone']) + self.push_group(self.inventory, 'zones', cluster['PreferredAvailabilityZone']) + + # Inventory: Group by node type + if self.group_by_instance_type: + type_name = self.to_safe('type_' + cluster['CacheNodeType']) + self.push(self.inventory, type_name, dest) + if self.nested_groups: + self.push_group(self.inventory, 'types', type_name) + + # Inventory: Group by VPC (information not available in the current + # AWS API version for ElastiCache) + + # Inventory: Group by security group + if self.group_by_security_group: + + # Check for the existence of the 'SecurityGroups' key and also if + # this key has some value. When the cluster is not placed in a SG + # the query can return None here and cause an error. 
+ if 'SecurityGroups' in cluster and cluster['SecurityGroups'] is not None: + for security_group in cluster['SecurityGroups']: + key = self.to_safe("security_group_" + security_group['SecurityGroupId']) + self.push(self.inventory, key, dest) + if self.nested_groups: + self.push_group(self.inventory, 'security_groups', key) + + # Inventory: Group by engine + if self.group_by_elasticache_engine: + self.push(self.inventory, self.to_safe("elasticache_" + cluster['Engine']), dest) + if self.nested_groups: + self.push_group(self.inventory, 'elasticache_engines', self.to_safe("elasticache_" + cluster['Engine'])) + + # Inventory: Group by parameter group (done at cluster level) + + # Inventory: Group by replication group (done at cluster level) + + # Inventory: Group by ElastiCache Cluster + if self.group_by_elasticache_cluster: + self.push(self.inventory, self.to_safe("elasticache_cluster_" + cluster['CacheClusterId']), dest) + + # Global Tag: all ElastiCache nodes + self.push(self.inventory, 'elasticache_nodes', dest) + + host_info = self.get_host_info_dict_from_describe_dict(node) + + if dest in self.inventory["_meta"]["hostvars"]: + self.inventory["_meta"]["hostvars"][dest].update(host_info) + else: + self.inventory["_meta"]["hostvars"][dest] = host_info + + def add_elasticache_replication_group(self, replication_group, region): + ''' Adds an ElastiCache replication group to the inventory and index ''' + + # Only want available clusters unless all_elasticache_replication_groups is True + if not self.all_elasticache_replication_groups and replication_group['Status'] != 'available': + return + + # Skip clusters we cannot address (e.g. 
private VPC subnet or clustered redis) + if replication_group['NodeGroups'][0]['PrimaryEndpoint'] is None or \ + replication_group['NodeGroups'][0]['PrimaryEndpoint']['Address'] is None: + return + + # Select the best destination address (PrimaryEndpoint) + dest = replication_group['NodeGroups'][0]['PrimaryEndpoint']['Address'] + + # Add to index + self.index[dest] = [region, replication_group['ReplicationGroupId']] + + # Inventory: Group by ID (always a group of 1) + if self.group_by_instance_id: + self.inventory[replication_group['ReplicationGroupId']] = [dest] + if self.nested_groups: + self.push_group(self.inventory, 'instances', replication_group['ReplicationGroupId']) + + # Inventory: Group by region + if self.group_by_region: + self.push(self.inventory, region, dest) + if self.nested_groups: + self.push_group(self.inventory, 'regions', region) + + # Inventory: Group by availability zone (doesn't apply to replication groups) + + # Inventory: Group by node type (doesn't apply to replication groups) + + # Inventory: Group by VPC (information not available in the current + # AWS API version for replication groups + + # Inventory: Group by security group (doesn't apply to replication groups) + # Check this value in cluster level + + # Inventory: Group by engine (replication groups are always Redis) + if self.group_by_elasticache_engine: + self.push(self.inventory, 'elasticache_redis', dest) + if self.nested_groups: + self.push_group(self.inventory, 'elasticache_engines', 'redis') + + # Global Tag: all ElastiCache clusters + self.push(self.inventory, 'elasticache_replication_groups', replication_group['ReplicationGroupId']) + + host_info = self.get_host_info_dict_from_describe_dict(replication_group) + + self.inventory["_meta"]["hostvars"][dest] = host_info + + def get_route53_records(self): + ''' Get and store the map of resource records to domain names that + point to them. 
''' + + if self.boto_profile: + r53_conn = route53.Route53Connection(profile_name=self.boto_profile) + else: + r53_conn = route53.Route53Connection() + all_zones = r53_conn.get_zones() + + route53_zones = [zone for zone in all_zones if zone.name[:-1] not in self.route53_excluded_zones] + + self.route53_records = {} + + for zone in route53_zones: + rrsets = r53_conn.get_all_rrsets(zone.id) + + for record_set in rrsets: + record_name = record_set.name + + if record_name.endswith('.'): + record_name = record_name[:-1] + + for resource in record_set.resource_records: + self.route53_records.setdefault(resource, set()) + self.route53_records[resource].add(record_name) + + def get_instance_route53_names(self, instance): + ''' Check if an instance is referenced in the records we have from + Route53. If it is, return the list of domain names pointing to said + instance. If nothing points to it, return an empty list. ''' + + instance_attributes = ['public_dns_name', 'private_dns_name', + 'ip_address', 'private_ip_address'] + + name_list = set() + + for attrib in instance_attributes: + try: + value = getattr(instance, attrib) + except AttributeError: + continue + + if value in self.route53_records: + name_list.update(self.route53_records[value]) + + return list(name_list) + + def get_host_info_dict_from_instance(self, instance): + instance_vars = {} + for key in vars(instance): + value = getattr(instance, key) + key = self.to_safe('ec2_' + key) + + # Handle complex types + # state/previous_state changed to properties in boto in https://github.com/boto/boto/commit/a23c379837f698212252720d2af8dec0325c9518 + if key == 'ec2__state': + instance_vars['ec2_state'] = instance.state or '' + instance_vars['ec2_state_code'] = instance.state_code + elif key == 'ec2__previous_state': + instance_vars['ec2_previous_state'] = instance.previous_state or '' + instance_vars['ec2_previous_state_code'] = instance.previous_state_code + elif isinstance(value, (int, bool)): + instance_vars[key] = 
value + elif isinstance(value, six.string_types): + instance_vars[key] = value.strip() + elif value is None: + instance_vars[key] = '' + elif key == 'ec2_region': + instance_vars[key] = value.name + elif key == 'ec2__placement': + instance_vars['ec2_placement'] = value.zone + elif key == 'ec2_tags': + for k, v in value.items(): + if self.expand_csv_tags and ',' in v: + v = list(map(lambda x: x.strip(), v.split(','))) + key = self.to_safe('ec2_tag_' + k) + instance_vars[key] = v + elif key == 'ec2_groups': + group_ids = [] + group_names = [] + for group in value: + group_ids.append(group.id) + group_names.append(group.name) + instance_vars["ec2_security_group_ids"] = ','.join([str(i) for i in group_ids]) + instance_vars["ec2_security_group_names"] = ','.join([str(i) for i in group_names]) + elif key == 'ec2_block_device_mapping': + instance_vars["ec2_block_devices"] = {} + for k, v in value.items(): + instance_vars["ec2_block_devices"][os.path.basename(k)] = v.volume_id + else: + pass + # TODO Product codes if someone finds them useful + # print key + # print type(value) + # print value + + instance_vars[self.to_safe('ec2_account_id')] = self.aws_account_id + + return instance_vars + + def get_host_info_dict_from_describe_dict(self, describe_dict): + ''' Parses the dictionary returned by the API call into a flat list + of parameters. This method should be used only when 'describe' is + used directly because Boto doesn't provide specific classes. ''' + + # I really don't agree with prefixing everything with 'ec2' + # because EC2, RDS and ElastiCache are different services. + # I'm just following the pattern used until now to not break any + # compatibility. 
+ + host_info = {} + for key in describe_dict: + value = describe_dict[key] + key = self.to_safe('ec2_' + self.uncammelize(key)) + + # Handle complex types + + # Target: Memcached Cache Clusters + if key == 'ec2_configuration_endpoint' and value: + host_info['ec2_configuration_endpoint_address'] = value['Address'] + host_info['ec2_configuration_endpoint_port'] = value['Port'] + + # Target: Cache Nodes and Redis Cache Clusters (single node) + if key == 'ec2_endpoint' and value: + host_info['ec2_endpoint_address'] = value['Address'] + host_info['ec2_endpoint_port'] = value['Port'] + + # Target: Redis Replication Groups + if key == 'ec2_node_groups' and value: + host_info['ec2_endpoint_address'] = value[0]['PrimaryEndpoint']['Address'] + host_info['ec2_endpoint_port'] = value[0]['PrimaryEndpoint']['Port'] + replica_count = 0 + for node in value[0]['NodeGroupMembers']: + if node['CurrentRole'] == 'primary': + host_info['ec2_primary_cluster_address'] = node['ReadEndpoint']['Address'] + host_info['ec2_primary_cluster_port'] = node['ReadEndpoint']['Port'] + host_info['ec2_primary_cluster_id'] = node['CacheClusterId'] + elif node['CurrentRole'] == 'replica': + host_info['ec2_replica_cluster_address_' + str(replica_count)] = node['ReadEndpoint']['Address'] + host_info['ec2_replica_cluster_port_' + str(replica_count)] = node['ReadEndpoint']['Port'] + host_info['ec2_replica_cluster_id_' + str(replica_count)] = node['CacheClusterId'] + replica_count += 1 + + # Target: Redis Replication Groups + if key == 'ec2_member_clusters' and value: + host_info['ec2_member_clusters'] = ','.join([str(i) for i in value]) + + # Target: All Cache Clusters + elif key == 'ec2_cache_parameter_group': + host_info["ec2_cache_node_ids_to_reboot"] = ','.join([str(i) for i in value['CacheNodeIdsToReboot']]) + host_info['ec2_cache_parameter_group_name'] = value['CacheParameterGroupName'] + host_info['ec2_cache_parameter_apply_status'] = value['ParameterApplyStatus'] + + # Target: Almost everything + 
elif key == 'ec2_security_groups': + + # Skip if SecurityGroups is None + # (it is possible to have the key defined but no value in it). + if value is not None: + sg_ids = [] + for sg in value: + sg_ids.append(sg['SecurityGroupId']) + host_info["ec2_security_group_ids"] = ','.join([str(i) for i in sg_ids]) + + # Target: Everything + # Preserve booleans and integers + elif isinstance(value, (int, bool)): + host_info[key] = value + + # Target: Everything + # Sanitize string values + elif isinstance(value, six.string_types): + host_info[key] = value.strip() + + # Target: Everything + # Replace None by an empty string + elif value is None: + host_info[key] = '' + + else: + # Remove non-processed complex types + pass + + return host_info + + def get_host_info(self): + ''' Get variables about a specific host ''' + + if len(self.index) == 0: + # Need to load index from cache + self.load_index_from_cache() + + if self.args.host not in self.index: + # try updating the cache + self.do_api_calls_update_cache() + if self.args.host not in self.index: + # host might not exist anymore + return self.json_format_dict({}, True) + + (region, instance_id) = self.index[self.args.host] + + instance = self.get_instance(region, instance_id) + return self.json_format_dict(self.get_host_info_dict_from_instance(instance), True) + + def push(self, my_dict, key, element): + ''' Push an element onto an array that may not have been defined in + the dict ''' + group_info = my_dict.setdefault(key, []) + if isinstance(group_info, dict): + host_list = group_info.setdefault('hosts', []) + host_list.append(element) + else: + group_info.append(element) + + def push_group(self, my_dict, key, element): + ''' Push a group as a child of another group. 
''' + parent_group = my_dict.setdefault(key, {}) + if not isinstance(parent_group, dict): + parent_group = my_dict[key] = {'hosts': parent_group} + child_groups = parent_group.setdefault('children', []) + if element not in child_groups: + child_groups.append(element) + + def get_inventory_from_cache(self): + ''' Reads the inventory from the cache file and returns it as a JSON + object ''' + + with open(self.cache_path_cache, 'r') as f: + json_inventory = f.read() + return json_inventory + + def load_index_from_cache(self): + ''' Reads the index from the cache file sets self.index ''' + + with open(self.cache_path_index, 'rb') as f: + self.index = json.load(f) + + def write_to_cache(self, data, filename): + ''' Writes data in JSON format to a file ''' + + json_data = self.json_format_dict(data, True) + with open(filename, 'w') as f: + f.write(json_data) + + def uncammelize(self, key): + temp = re.sub('(.)([A-Z][a-z]+)', r'\1_\2', key) + return re.sub('([a-z0-9])([A-Z])', r'\1_\2', temp).lower() + + def to_safe(self, word): + ''' Converts 'bad' characters in a string to underscores so they can be used as Ansible groups ''' + regex = "[^A-Za-z0-9\_" + if not self.replace_dash_in_groups: + regex += "\-" + return re.sub(regex + "]", "_", word) + + def json_format_dict(self, data, pretty=False): + ''' Converts a dict to a JSON object and dumps it as a formatted + string ''' + + if pretty: + return json.dumps(data, sort_keys=True, indent=2) + else: + return json.dumps(data) + + +if __name__ == '__main__': + # Run the script + Ec2Inventory() diff --git a/ansible/reinit.yml b/ansible/reinit.yml new file mode 100644 index 000000000..de3263bb1 --- /dev/null +++ b/ansible/reinit.yml @@ -0,0 +1,8 @@ +--- + +- hosts: "{{ lookup('env','TF_VAR_TESTNET_NAME') }}" + user: root + roles: + - cleanupconfig + - { role: config, testnet_name: "{{ lookup('env','TF_VAR_TESTNET_NAME') }}" } + diff --git a/ansible/reset.yml b/ansible/reset.yml new file mode 100644 index 000000000..b5f92b4eb 
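Review bot: reinit.yml runs `cleanupconfig` and then `config` without the `stop`/`start` roles that reset.yml wraps around the same pair, so the `.tendermint`/`.basecoin` directories are removed and re-created, including a fresh priv_validator.json because the `creates:` guard no longer matches, underneath daemons that may still be running. If that is intentional (prepare new configuration now, restart later with restart.yml) a comment at the top of the play should say so, e.g. `# Regenerates keys/genesis/config only; run restart.yml afterwards, or use reset.yml for stop+reinit+start`. Otherwise add `- stop` before `cleanupconfig` and `- start` after the config role, as reset.yml does.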
--- /dev/null
+++ b/ansible/reset.yml
@@ -0,0 +1,9 @@
+---
+
+- hosts: "{{ lookup('env','TF_VAR_TESTNET_NAME') }}"
+ user: root
+ roles:
+ - stop
+ - cleanupconfig
+ - { role: config, testnet_name: "{{ lookup('env','TF_VAR_TESTNET_NAME') }}" }
+ - start
diff --git a/ansible/restart.yml b/ansible/restart.yml
new file mode 100644
index 000000000..2a5ccda80
--- /dev/null
+++ b/ansible/restart.yml
@@ -0,0 +1,7 @@
+---
+
+- hosts: "{{ lookup('env','TF_VAR_TESTNET_NAME') }}"
+ user: root
+ roles:
+ - stop
+ - start
diff --git a/ansible/roles/basecoin/tasks/start.yml b/ansible/roles/basecoin/tasks/start.yml
deleted file mode 100644
index 5bbbc04a1..000000000
--- a/ansible/roles/basecoin/tasks/start.yml
+++ /dev/null
@@ -1,26 +0,0 @@
----
-
-- name: copy genesis file
- template: >
- src=genesis.json.j2
- dest={{tendermint_home}}/genesis.json
- owner={{tendermint_user}}
- group={{tendermint_group}}
- mode=0644
- register: genesis_file_copied
-
-- name: get validators number from genesis file
- shell: cat {{tendermint_home}}/genesis.json | jq ".validators | length"
- register: num_validators
- when: genesis_file_copied|changed
-
-- name: restart tendermint if number of validators greater than 0
- shell: echo "restarting ..."
- when: genesis_file_copied|changed and num_validators.stdout|int > 0
- notify: restart tendermint
-
-- service: >
- name=tendermint
- state=started
- enabled=yes
- when: tendermint_manage_service
diff --git a/ansible/roles/cleanupconfig/defaults/main.yml b/ansible/roles/cleanupconfig/defaults/main.yml
new file mode 100644
index 000000000..bb7be858b
--- /dev/null
+++ b/ansible/roles/cleanupconfig/defaults/main.yml
@@ -0,0 +1,6 @@
+---
+tendermint_home: /var/lib/tendermint
+
+basecoin_home: /var/lib/basecoin
+basecoin_inprocess: false
+
diff --git a/ansible/roles/cleanupconfig/tasks/basecoin.yml b/ansible/roles/cleanupconfig/tasks/basecoin.yml
new file mode 100644
index 000000000..3c500e7dd
--- /dev/null
+++ b/ansible/roles/cleanupconfig/tasks/basecoin.yml
@@ -0,0 +1,5 @@
+---
+
+- name: clear basecoin configuration folder
+ file: "path={{basecoin_home}}/.basecoin state=absent"
+
diff --git a/ansible/roles/cleanupconfig/tasks/main.yml b/ansible/roles/cleanupconfig/tasks/main.yml
new file mode 100644
index 000000000..5eaf36e3b
--- /dev/null
+++ b/ansible/roles/cleanupconfig/tasks/main.yml
@@ -0,0 +1,9 @@
+---
+
+- include: tendermint.yml
+ when: not basecoin_inprocess|bool
+ tags: config-tendermint
+
+- include: basecoin.yml
+ tags: config-basecoin
+
diff --git a/ansible/roles/cleanupconfig/tasks/tendermint.yml b/ansible/roles/cleanupconfig/tasks/tendermint.yml
new file mode 100644
index 000000000..7321cab91
--- /dev/null
+++ b/ansible/roles/cleanupconfig/tasks/tendermint.yml
@@ -0,0 +1,5 @@
+---
+
+- name: clear tendermint configuration folder
+ file: "path={{tendermint_home}}/.tendermint state=absent"
+
diff --git a/ansible/roles/config/defaults/main.yml b/ansible/roles/config/defaults/main.yml
new file mode 100644
index 000000000..994b46660
--- /dev/null
+++ b/ansible/roles/config/defaults/main.yml
@@ -0,0 +1,12 @@
+---
+tendermint_user: tendermint
+tendermint_group: tendermint
+tendermint_home: /var/lib/tendermint
+
+basecoin_user: basecoin
+basecoin_group: basecoin
+basecoin_home: /var/lib/basecoin
+basecoin_inprocess: false
+
+testnet_name: test-chain
+
diff --git a/ansible/roles/config/tasks/basecoin.yml b/ansible/roles/config/tasks/basecoin.yml
new file mode 100644
index 000000000..344a89bd7
--- /dev/null
+++ b/ansible/roles/config/tasks/basecoin.yml
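Review bot: The includes in cleanupconfig/tasks/main.yml carry the tags `config-tendermint` and `config-basecoin`, the same names the config role uses (the file is byte-identical to config/tasks/main.yml, both at blob 5eaf36e3b), so a run limited with `--tags config-tendermint` against a play that lists both roles, such as reset.yml, also removes the `.tendermint` directory and with it priv_validator.json. Give the cleanup role its own tags, `tags: cleanup-tendermint` and `tags: cleanup-basecoin`, so a tag-limited configuration run cannot delete a validator's key by accident.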
@@ -0,0 +1,43 @@
+---
+
+- name: set basecoin configuration folder
+ file: "path={{basecoin_home}}/.basecoin state=directory mode=0700 owner={{basecoin_user}} group={{basecoin_group}}"
+
+- name: generate basecoin keys
+ when: basecoin_inprocess|bool
+ shell: "tendermint gen_validator > {{basecoin_home}}/.basecoin/priv_validator.json && chmod 0400 {{basecoin_home}}/.basecoin/priv_validator.json"
+ args:
+ warn: no
+ creates: "{{basecoin_home}}/.basecoin/priv_validator.json"
+ become: yes
+ become_user: "{{basecoin_user}}"
+
+- name: gather basecoin public keys
+ when: basecoin_inprocess|bool
+ command: "jq '.pub_key | .data' {{basecoin_home}}/.basecoin/priv_validator.json"
+ become: yes
+ become_user: "{{basecoin_user}}"
+ register: basecoinpubkeys
+ changed_when: false
+
+- name: register basecoin public keys as host facts
+ when: basecoin_inprocess|bool
+ set_fact: "basecoin_pubkey={{basecoinpubkeys.stdout_lines[0]}}"
+ connection: local
+
+- name: copy basecoin genesis.json - genesis_time will be updated
+ when: basecoin_inprocess|bool
+ template:
+ src: genesis-basecoin.json.j2
+ dest: "{{basecoin_home}}/.basecoin/genesis.json"
+ become: yes
+ become_user: "{{basecoin_user}}"
+
+- name: copy basecoin config.toml
+ when: basecoin_inprocess|bool
+ template:
+ src: config.toml.j2
+ dest: "{{basecoin_home}}/.basecoin/config.toml"
+ become: yes
+ become_user: "{{basecoin_user}}"
+
diff --git a/ansible/roles/config/tasks/main.yml b/ansible/roles/config/tasks/main.yml
new file mode 100644
index 000000000..5eaf36e3b
--- /dev/null
+++ b/ansible/roles/config/tasks/main.yml
@@ -0,0 +1,9 @@
+---
+
+- include: tendermint.yml
+ when: not basecoin_inprocess|bool
+ tags: config-tendermint
+
+- include: basecoin.yml
+ tags: config-basecoin
+
diff --git a/ansible/roles/config/tasks/tendermint.yml b/ansible/roles/config/tasks/tendermint.yml
new file mode 100644
index 000000000..90ae9a4c7
--- /dev/null
+++ b/ansible/roles/config/tasks/tendermint.yml
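Review bot: In `generate basecoin keys` the shell redirect creates priv_validator.json before `tendermint gen_validator` has produced anything, so if the command fails the task leaves an empty or partial key file behind and the `creates:` guard then skips the task on every later run; the same task in config/tasks/tendermint.yml has the same shape. Between the redirect and the `chmod 0400` the file also exists with umask permissions, which the 0700 directory mitigates but does not remove. Write to a temporary name under a restrictive umask and rename only on success: `shell: "umask 077 && tendermint gen_validator > {{basecoin_home}}/.basecoin/priv_validator.json.tmp && chmod 0400 {{basecoin_home}}/.basecoin/priv_validator.json.tmp && mv {{basecoin_home}}/.basecoin/priv_validator.json.tmp {{basecoin_home}}/.basecoin/priv_validator.json"`, keeping the existing `creates:` on the final name.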
@@ -0,0 +1,38 @@
+---
+
+- name: set tendermint configuration folder
+ file: "path={{tendermint_home}}/.tendermint state=directory mode=0700 owner={{tendermint_user}} group={{tendermint_group}}"
+
+- name: generate tendermint keys
+ shell: "tendermint gen_validator > {{tendermint_home}}/.tendermint/priv_validator.json && chmod 0400 {{tendermint_home}}/.tendermint/priv_validator.json"
+ args:
+ warn: no
+ creates: "{{tendermint_home}}/.tendermint/priv_validator.json"
+ become: yes
+ become_user: "{{tendermint_user}}"
+
+- name: gather tendermint public keys
+ command: "jq '.pub_key | .data' {{tendermint_home}}/.tendermint/priv_validator.json"
+ become: yes
+ become_user: "{{tendermint_user}}"
+ register: tendermintpubkeys
+ changed_when: false
+
+- name: register tendermint public keys as host facts
+ set_fact: "tendermint_pubkey={{tendermintpubkeys.stdout_lines[0]}}"
+ connection: local
+
+- name: copy tendermint genesis.json - genesis_time will be updated
+ template:
+ src: genesis-tendermint.json.j2
+ dest: "{{tendermint_home}}/.tendermint/genesis.json"
+ become: yes
+ become_user: "{{tendermint_user}}"
+
+- name: copy tendermint config.toml
+ template:
+ src: config.toml.j2
+ dest: "{{tendermint_home}}/.tendermint/config.toml"
+ become: yes
+ become_user: "{{tendermint_user}}"
+
diff --git a/ansible/roles/config/templates/config.toml.j2 b/ansible/roles/config/templates/config.toml.j2
new file mode 100644
index 000000000..4560c9634
--- /dev/null
+++ b/ansible/roles/config/templates/config.toml.j2
@@ -0,0 +1,16 @@
+# This is a TOML config file.
+# For more information, see https://github.com/toml-lang/toml
+
+proxy_app = "tcp://127.0.0.1:46658"
+moniker = "{{inventory_hostname}}"
+fast_sync = true
+db_backend = "leveldb"
+log_level = "debug"
+
+[rpc]
+laddr = "tcp://{{ do_private_ip | default('0.0.0.0') }}:46657"
+
+[p2p]
+laddr = "tcp://{{inventory_hostname}}:46656"
+{% set comma = joiner(",") %}seeds = "{% for host in groups[testnet_name]|difference(inventory_hostname) %}{{ comma() }}{{hostvars[host]["inventory_hostname"]}}:46656{% endfor %}"
+
diff --git a/ansible/roles/config/templates/genesis-basecoin.json.j2 b/ansible/roles/config/templates/genesis-basecoin.json.j2
new file mode 100644
index 000000000..f3998a2c6
--- /dev/null
+++ b/ansible/roles/config/templates/genesis-basecoin.json.j2
@@ -0,0 +1,32 @@
+{
+ "app_options": {
+ "accounts": [{
+ "pub_key": {
+ "type": "ed25519",
+ "data": "619D3678599971ED29C7529DDD4DA537B97129893598A17C82E3AC9A8BA95279"
+ },
+ "coins": [
+ {
+ "denom": "mycoin",
+ "amount": 9007199254740992
+ }
+ ]
+ }]
+ },
+ "genesis_time":"{{ansible_date_time.iso8601_micro}}",
+ "chain_id":"{{testnet_name}}",
+ "validators":
+ [
+{% set comma = joiner(",") %}
+{% for host in groups[testnet_name] %}
+ {{ comma() }}
+ {
+ "pub_key":{"type":"ed25519","data":{{hostvars[host]["basecoin_pubkey"]}}},
+ "amount":10,
+ "name":"{{hostvars[host]["ansible_hostname"]}}"
+ }
+{% endfor %}
+ ],
+ "app_hash":""
+}
+
diff --git a/ansible/roles/config/templates/genesis-tendermint.json.j2 b/ansible/roles/config/templates/genesis-tendermint.json.j2
new file mode 100644
index 000000000..fb4dacbd2
--- /dev/null
+++ b/ansible/roles/config/templates/genesis-tendermint.json.j2
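Review bot: The seed list in config.toml.j2 is built from `groups[testnet_name]|difference(inventory_hostname)`, but Ansible's `difference` filter takes a list as its argument and treats a string as a sequence of characters, so the host's own name is not removed and every node lists itself as a seed; use `groups[testnet_name]|difference([inventory_hostname])`. Separately, `[rpc] laddr` falls back to `0.0.0.0` whenever the inventory does not supply `do_private_ip`, so the unauthenticated RPC port 46657 is bound on every interface by default; `default('127.0.0.1')` (or the node's private address, e.g. `ansible_default_ipv4.address`) is the safer fallback, leaving a public bind to a deliberate override.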
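Review bot: The genesis account funded with 9007199254740992 mycoin in genesis-basecoin.json.j2 (and identically in genesis-tendermint.json.j2) is the public key whose matching private key is committed in install-basecoin/files/key.json and copied onto every node, so anyone with the repository can spend the entire initial supply of any chain built from these templates. That is acceptable for a throwaway testnet but should be stated in the template and made overridable, e.g. `"data": "{{ genesis_account_pubkey | default('619D3678599971ED29C7529DDD4DA537B97129893598A17C82E3AC9A8BA95279') }}"`, with a comment in the config role defaults noting that the default is the example key from files/key.json and is only suitable for a local test chain.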
@@ -0,0 +1,32 @@
+{
+ "app_options": {
+ "accounts": [{
+ "pub_key": {
+ "type": "ed25519",
+ "data": "619D3678599971ED29C7529DDD4DA537B97129893598A17C82E3AC9A8BA95279"
+ },
+ "coins": [
+ {
+ "denom": "mycoin",
+ "amount": 9007199254740992
+ }
+ ]
+ }]
+ },
+ "genesis_time":"{{ansible_date_time.iso8601}}",
+ "chain_id":"{{testnet_name}}",
+ "validators":
+ [
+{% set comma = joiner(",") %}
+{% for host in groups[testnet_name] %}
+ {{ comma() }}
+ {
+ "pub_key":{"type":"ed25519","data":{{hostvars[host]["tendermint_pubkey"]}}},
+ "amount":10,
+ "name":"{{hostvars[host]["ansible_hostname"]}}"
+ }
+{% endfor %}
+ ],
+ "app_hash":""
+}
+
diff --git a/ansible/roles/basecoin/ansible.cfg b/ansible/roles/install-basecoin/ansible.cfg
similarity index 100%
rename from ansible/roles/basecoin/ansible.cfg
rename to ansible/roles/install-basecoin/ansible.cfg
diff --git a/ansible/roles/basecoin/defaults/main.yml b/ansible/roles/install-basecoin/defaults/main.yml
similarity index 74%
rename from ansible/roles/basecoin/defaults/main.yml
rename to ansible/roles/install-basecoin/defaults/main.yml
index 0be7753e8..3fded3836 100644
--- a/ansible/roles/basecoin/defaults/main.yml
+++ b/ansible/roles/install-basecoin/defaults/main.yml
@@ -1,5 +1,5 @@
 ---
-basecoin_release_install: false
+basecoin_release_install: true
 basecoin_version: 0.4.0
 basecoin_download: "https://s3-us-west-2.amazonaws.com/tendermint/binaries/basecoin/v{{basecoin_version}}/basecoin_{{basecoin_version}}_linux_amd64.zip"
@@ -12,12 +12,9 @@ basecoin_group: basecoin
 # Upstart start/stop conditions can vary by distribution and environment
 basecoin_upstart_start_on: start on runlevel [345]
 basecoin_upstart_stop_on: stop on runlevel [!345]
-basecoin_manage_service: true
-basecoin_use_upstart: true
-basecoin_use_systemd: false
-basecoin_upstart_template: "basecoin.conf.j2"
-basecoin_systemd_template: "basecoin.systemd.j2"
 basecoin_home: /var/lib/basecoin
 basecoin_log_file: /var/log/basecoin.log
+basecoin_inprocess: false
+
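Review bot: Flipping `basecoin_release_install` to `true` makes the default path download `basecoin_download` from S3 and unpack it straight into /usr/local/bin, and nothing in the role verifies what was fetched. Add a pinned digest next to the version, e.g. `basecoin_checksum: "sha256:<digest of basecoin_0.4.0_linux_amd64.zip>"`, and have install.yml fetch with `get_url` using `checksum: "{{ basecoin_checksum }}"` before the `unarchive` step, so a substituted or corrupted archive fails the play instead of landing on the PATH of every node.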
diff --git a/ansible/roles/install-basecoin/files/key.json b/ansible/roles/install-basecoin/files/key.json
new file mode 100644
index 000000000..c557b2204
--- /dev/null
+++ b/ansible/roles/install-basecoin/files/key.json
@@ -0,0 +1,11 @@
+{
+ "address": "1B1BE55F969F54064628A63B9559E7C21C925165",
+ "priv_key": {
+ "type": "ed25519",
+ "data": "C70D6934B4F55F1B7BC33B56B9CA8A2061384AFC19E91E44B40C4BBA182953D1619D3678599971ED29C7529DDD4DA537B97129893598A17C82E3AC9A8BA95279"
+ },
+ "pub_key": {
+ "type": "ed25519",
+ "data": "619D3678599971ED29C7529DDD4DA537B97129893598A17C82E3AC9A8BA95279"
+ }
+}
\ No newline at end of file
diff --git a/ansible/roles/install-basecoin/files/key2.json b/ansible/roles/install-basecoin/files/key2.json
new file mode 100644
index 000000000..4ccb43f60
--- /dev/null
+++ b/ansible/roles/install-basecoin/files/key2.json
@@ -0,0 +1,11 @@
+{
+ "address": "1DA7C74F9C219229FD54CC9F7386D5A3839F0090",
+ "priv_key": {
+ "type": "ed25519",
+ "data": "34BAE9E65CE8245FAD035A0E3EED9401BDE8785FFB3199ACCF8F5B5DDF7486A8352195DA90CB0B90C24295B90AEBA25A5A71BC61BAB2FE2387241D439698B7B8"
+ },
+ "pub_key": {
+ "type": "ed25519",
+ "data": "352195DA90CB0B90C24295B90AEBA25A5A71BC61BAB2FE2387241D439698B7B8"
+ }
+}
\ No newline at end of file
diff --git a/ansible/roles/basecoin/handlers/main.yml b/ansible/roles/install-basecoin/handlers/main.yml
similarity index 100%
rename from ansible/roles/basecoin/handlers/main.yml
rename to ansible/roles/install-basecoin/handlers/main.yml
diff --git a/ansible/roles/basecoin/tasks/install.yml b/ansible/roles/install-basecoin/tasks/install.yml
similarity index 81%
rename from ansible/roles/basecoin/tasks/install.yml
rename to ansible/roles/install-basecoin/tasks/install.yml
index 92ea01f59..1ac0b39b0 100644
--- a/ansible/roles/basecoin/tasks/install.yml
+++ b/ansible/roles/install-basecoin/tasks/install.yml
@@ -69,7 +69,7 @@
 changed_when: false
 - name: copy and unpack release binary
- when: basecoin_release_install
+ when: basecoin_release_install|bool
 unarchive: >
 src={{basecoin_download}}
 dest=/usr/local/bin
@@ -77,33 +77,38 @@
 mode=0755
 - name: copy compiled binary
- when: not basecoin_release_install
+ when: not basecoin_release_install|bool
 copy: >
 src={{basecoin_binary}}
 dest=/usr/local/bin
 mode=0755
-- name: initialize basecoin
- command: "basecoin init"
- become: yes
- become_user: "{{basecoin_user}}"
-
 - name: copy upstart script
 template: >
- src={{basecoin_upstart_template}}
+ src=basecoin.conf.j2
 dest=/etc/init/basecoin.conf
 owner=root
 group=root
 mode=0644
- when: basecoin_use_upstart
+ when: "ansible_service_mgr == 'upstart'"
 - name: copy systemd script
 template: >
- src={{basecoin_systemd_template}}
+ src=basecoin.systemd.j2
 dest=/etc/systemd/system/basecoin.service
 owner=root
 group=root
 mode=0644
- when: basecoin_use_systemd
+ when: "ansible_service_mgr == 'systemd'"
 notify:
 - reload systemd
+
+- name: Create example folder
+ file: path=/usr/share/basecoin/example-keys state=directory
+
+- name: Copy example keys
+ copy: "src={{item}} dest=/usr/share/basecoin/example-keys/{{item}}"
+ with_items:
+ - key.json
+ - key2.json
+
diff --git a/ansible/roles/basecoin/tasks/main.yml b/ansible/roles/install-basecoin/tasks/main.yml
similarity index 91%
rename from ansible/roles/basecoin/tasks/main.yml
rename to ansible/roles/install-basecoin/tasks/main.yml
index 73bc8379e..6f77828d9 100644
--- a/ansible/roles/basecoin/tasks/main.yml
+++ b/ansible/roles/install-basecoin/tasks/main.yml
@@ -5,4 +5,4 @@
 - "{{ ansible_os_family }}-{{ ansible_distribution_major_version}}.yml"
 - "{{ ansible_os_family }}.yml"
 - include: install.yml
-#- include: start.yml
+
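Review bot: `Copy example keys` writes `key.json` and `key2.json`, both of which contain a plaintext `priv_key`, under `/usr/share/basecoin/example-keys/` with no `owner`, `group` or `mode`, so the files get root's default umask and are typically readable by every local account, and `Create example folder` creates the directory the same way. Unless another role needs them as a different user, `copy: "src={{item}} dest=/usr/share/basecoin/example-keys/{{item}} owner={{basecoin_user}} group={{basecoin_group}} mode=0600"` together with `file: path=/usr/share/basecoin/example-keys state=directory owner={{basecoin_user}} group={{basecoin_group}} mode=0700` limits them to the service account. The config role that presumably consumes these files is outside this chunk, so check which user it runs as before tightening.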
diff --git a/ansible/roles/basecoin/templates/basecoin.conf.j2 b/ansible/roles/install-basecoin/templates/basecoin.conf.j2
similarity index 58%
rename from ansible/roles/basecoin/templates/basecoin.conf.j2
rename to ansible/roles/install-basecoin/templates/basecoin.conf.j2
index bb9c822b2..61fcb0f03 100644
--- a/ansible/roles/basecoin/templates/basecoin.conf.j2
+++ b/ansible/roles/install-basecoin/templates/basecoin.conf.j2
@@ -6,7 +6,7 @@ stop on {{ basecoin_upstart_stop_on }}
 script
 # Use su to become tendermint user non-interactively on old Upstart versions (see http://superuser.com/a/234541/76168)
- exec su -s /bin/sh -c 'TMROOT={{basecoin_home}} exec "$0" "$@" >> {{ basecoin_log_file }} 2>&1' {{basecoin_user}} -- /usr/local/bin/basecoin start --without-tendermint
+ exec su -s /bin/sh -c 'BCHOME={{basecoin_home}}/.basecoin exec "$0" "$@" >> {{ basecoin_log_file }} 2>&1' {{basecoin_user}} -- /usr/local/bin/basecoin start{{basecoin_inprocess|bool | ternary('',' --without-tendermint')}}
 end script
 respawn
diff --git a/ansible/roles/basecoin/templates/basecoin.systemd.j2 b/ansible/roles/install-basecoin/templates/basecoin.systemd.j2
similarity index 53%
rename from ansible/roles/basecoin/templates/basecoin.systemd.j2
rename to ansible/roles/install-basecoin/templates/basecoin.systemd.j2
index d6925f8dc..26d347dc1 100644
--- a/ansible/roles/basecoin/templates/basecoin.systemd.j2
+++ b/ansible/roles/install-basecoin/templates/basecoin.systemd.j2
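Review bot: The start-flag expression `{{basecoin_inprocess|bool | ternary('',' --without-tendermint')}}` is spelled out on the `exec` line here and again on `ExecStart` in `basecoin.systemd.j2` (next hunk), so the upstart and systemd units can only stay in step if both templates are edited together. Computing it once in the role defaults, e.g. `basecoin_start_args: "{{ '' if basecoin_inprocess|bool else ' --without-tendermint' }}"`, and rendering `{{basecoin_start_args}}` in both templates removes the duplication. While this line is being touched, the comment above it still says the script becomes the tendermint user, although the `su` target is `{{basecoin_user}}`.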
@@ -4,12 +4,12 @@ Requires=network-online.target
 After=network-online.target
 [Service]
-Environment="TMROOT={{tendermint_home}}"
+Environment="BCHOME={{basecoin_home}}/.basecoin"
 Restart=on-failure
-User={{ tendermint_user }}
-Group={{ tendermint_group }}
+User={{ basecoin_user }}
+Group={{ basecoin_group }}
 PermissionsStartOnly=true
-ExecStart=/usr/local/bin/basecoin start --without-tendermint
+ExecStart=/usr/local/bin/basecoin start{{basecoin_inprocess|bool | ternary('',' --without-tendermint')}}
 ExecReload=/bin/kill -HUP $MAINPID
 KillSignal=SIGINT
diff --git a/ansible/roles/basecoin/vars/Debian.yml b/ansible/roles/install-basecoin/vars/Debian.yml
similarity index 100%
rename from ansible/roles/basecoin/vars/Debian.yml
rename to ansible/roles/install-basecoin/vars/Debian.yml
diff --git a/ansible/roles/basecoin/vars/RedHat.yml b/ansible/roles/install-basecoin/vars/RedHat.yml
similarity index 100%
rename from ansible/roles/basecoin/vars/RedHat.yml
rename to ansible/roles/install-basecoin/vars/RedHat.yml
diff --git a/ansible/roles/tendermint/defaults/main.yml b/ansible/roles/install-tendermint/defaults/main.yml
similarity index 74%
rename from ansible/roles/tendermint/defaults/main.yml
rename to ansible/roles/install-tendermint/defaults/main.yml
index d8f72eec7..69fc1b96f 100644
--- a/ansible/roles/tendermint/defaults/main.yml
+++ b/ansible/roles/install-tendermint/defaults/main.yml
@@ -1,5 +1,5 @@
 ---
-tendermint_release_install: false
+tendermint_release_install: true
 tendermint_version: 0.10.0-rc1
 tendermint_download: "https://s3-us-west-2.amazonaws.com/tendermint/binaries/tendermint/v{{tendermint_version}}/tendermint_{{tendermint_version}}_linux_amd64.zip"
@@ -12,11 +12,6 @@ tendermint_group: tendermint
 # Upstart start/stop conditions can vary by distribution and environment
 tendermint_upstart_start_on: start on runlevel [345]
 tendermint_upstart_stop_on: stop on runlevel [!345]
-tendermint_manage_service: true
-tendermint_use_upstart: true
-tendermint_use_systemd: false
-tendermint_upstart_template: "tendermint.conf.j2"
-tendermint_systemd_template: "tendermint.systemd.j2"
 tendermint_home: /var/lib/tendermint
 tendermint_log_file: /var/log/tendermint.log
diff --git a/ansible/roles/tendermint/handlers/main.yml b/ansible/roles/install-tendermint/handlers/main.yml
similarity index 100%
rename from ansible/roles/tendermint/handlers/main.yml
rename to ansible/roles/install-tendermint/handlers/main.yml
diff --git a/ansible/roles/tendermint/tasks/install.yml b/ansible/roles/install-tendermint/tasks/install.yml
similarity index 85%
rename from ansible/roles/tendermint/tasks/install.yml
rename to ansible/roles/install-tendermint/tasks/install.yml
index 80647c2fa..e8826b23a 100644
--- a/ansible/roles/tendermint/tasks/install.yml
+++ b/ansible/roles/install-tendermint/tasks/install.yml
@@ -69,7 +69,7 @@
 changed_when: false
 - name: copy and unpack release binary
- when: tendermint_release_install
+ when: tendermint_release_install|bool
 unarchive: >
 src={{tendermint_download}}
 dest=/usr/local/bin
@@ -77,33 +77,28 @@
 mode=0755
 - name: copy compiled binary
- when: not tendermint_release_install
+ when: not tendermint_release_install|bool
 copy: >
 src={{tendermint_binary}}
 dest=/usr/local/bin
 mode=0755
-- name: initialize tendermint
- command: "tendermint init"
- become: yes
- become_user: "{{tendermint_user}}"
-
 - name: copy upstart script
 template: >
- src={{tendermint_upstart_template}}
+ src=tendermint.conf.j2
 dest=/etc/init/tendermint.conf
 owner=root
 group=root
 mode=0644
- when: tendermint_use_upstart
+ when: "ansible_service_mgr == 'upstart'"
 - name: copy systemd script
 template: >
- src={{tendermint_systemd_template}}
+ src=tendermint.systemd.j2
 dest=/etc/systemd/system/tendermint.service
 owner=root
 group=root
 mode=0644
- when: tendermint_use_systemd
+ when: "ansible_service_mgr == 'systemd'"
 notify:
 - reload systemd
diff --git a/ansible/roles/tendermint/tasks/main.yml b/ansible/roles/install-tendermint/tasks/main.yml
similarity index 83%
rename from ansible/roles/tendermint/tasks/main.yml
rename to ansible/roles/install-tendermint/tasks/main.yml
index 8a7450b68..6f77828d9 100644
--- a/ansible/roles/tendermint/tasks/main.yml
+++ b/ansible/roles/install-tendermint/tasks/main.yml
@@ -5,5 +5,4 @@
 - "{{ ansible_os_family }}-{{ ansible_distribution_major_version}}.yml"
 - "{{ ansible_os_family }}.yml"
 - include: install.yml
-- include: genesis.yml
-#- include: start.yml
+
diff --git a/ansible/roles/tendermint/templates/tendermint.conf.j2 b/ansible/roles/install-tendermint/templates/tendermint.conf.j2
similarity index 62%
rename from ansible/roles/tendermint/templates/tendermint.conf.j2
rename to ansible/roles/install-tendermint/templates/tendermint.conf.j2
index d65cebb77..362094a21 100644
--- a/ansible/roles/tendermint/templates/tendermint.conf.j2
+++ b/ansible/roles/install-tendermint/templates/tendermint.conf.j2
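Review bot: With the `initialize tendermint` task removed here (and `initialize basecoin` removed from install-basecoin/tasks/install.yml), this role no longer runs `tendermint init`, which the deleted genesis.yml relied on for `{{tendermint_home}}/.tendermint/priv_validator.json`; the service the `start` role launches will therefore fail unless the new `config` role from the diffstat has run in between, and that ordering now lives only in the playbooks, which are outside this chunk. A one-line comment at the top of this file, `# install only: node initialisation and config rendering moved to the config role, which must run before start`, makes the dependency visible to anyone reusing the role on its own.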
@@ -6,7 +6,7 @@ stop on {{ tendermint_upstart_stop_on }}
 script
 # Use su to become tendermint user non-interactively on old Upstart versions (see http://superuser.com/a/234541/76168)
- exec su -s /bin/sh -c 'TMROOT={{tendermint_home}} exec "$0" "$@" >> {{ tendermint_log_file }} 2>&1' {{ tendermint_user }} -- /usr/local/bin/tendermint node --moniker={{inventory_hostname}}
+ exec su -s /bin/sh -c 'TMHOME={{tendermint_home}}/.tendermint exec "$0" "$@" >> {{ tendermint_log_file }} 2>&1' {{ tendermint_user }} -- /usr/local/bin/tendermint node
 end script
 respawn
diff --git a/ansible/roles/tendermint/templates/tendermint.systemd.j2 b/ansible/roles/install-tendermint/templates/tendermint.systemd.j2
similarity index 71%
rename from ansible/roles/tendermint/templates/tendermint.systemd.j2
rename to ansible/roles/install-tendermint/templates/tendermint.systemd.j2
index e15803505..2e22a563a 100644
--- a/ansible/roles/tendermint/templates/tendermint.systemd.j2
+++ b/ansible/roles/install-tendermint/templates/tendermint.systemd.j2
@@ -4,12 +4,12 @@ Requires=network-online.target
 After=network-online.target
 [Service]
-Environment="TMROOT={{tendermint_home}}"
+Environment="TMHOME={{tendermint_home}}/.tendermint"
 Restart=on-failure
 User={{ tendermint_user }}
 Group={{ tendermint_group }}
 PermissionsStartOnly=true
-ExecStart=/usr/local/bin/tendermint node --moniker={{inventory_hostname}}
+ExecStart=/usr/local/bin/tendermint node
 ExecReload=/bin/kill -HUP $MAINPID
 KillSignal=SIGINT
diff --git a/ansible/roles/tendermint/vars/Debian.yml b/ansible/roles/install-tendermint/vars/Debian.yml
similarity index 100%
rename from ansible/roles/tendermint/vars/Debian.yml
rename to ansible/roles/install-tendermint/vars/Debian.yml
diff --git a/ansible/roles/tendermint/vars/RedHat.yml b/ansible/roles/install-tendermint/vars/RedHat.yml
similarity index 100%
rename from ansible/roles/tendermint/vars/RedHat.yml
rename to ansible/roles/install-tendermint/vars/RedHat.yml
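Review bot: Dropping `--moniker={{inventory_hostname}}` from the `exec` line here, and from `ExecStart` in `tendermint.systemd.j2` in the same physical line, means the per-host node name is no longer set on the command line; presumably the new `config.toml.j2` in the config role sets `moniker` instead, but that template is outside this chunk, so confirm it, otherwise every validator reports tendermint's default moniker and the nodes cannot be told apart in status output. A short comment next to the command, `# moniker and the other node settings come from config.toml rendered by the config role`, records where the flag went.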
diff --git a/ansible/roles/start/defaults/main.yml b/ansible/roles/start/defaults/main.yml
new file mode 100644
index 000000000..313a992d8
--- /dev/null
+++ b/ansible/roles/start/defaults/main.yml
@@ -0,0 +1,3 @@
+---
+basecoin_inprocess: false
+
diff --git a/ansible/roles/start/tasks/main.yml b/ansible/roles/start/tasks/main.yml
new file mode 100644
index 000000000..603f597ee
--- /dev/null
+++ b/ansible/roles/start/tasks/main.yml
@@ -0,0 +1,9 @@
+---
+
+- name: start basecoin
+ service: name=basecoin state=started
+
+- name: start tendermint
+ when: not basecoin_inprocess|bool
+ service: name=tendermint state=started
+
diff --git a/ansible/roles/stop/defaults/main.yml b/ansible/roles/stop/defaults/main.yml
new file mode 100644
index 000000000..313a992d8
--- /dev/null
+++ b/ansible/roles/stop/defaults/main.yml
@@ -0,0 +1,3 @@
+---
+basecoin_inprocess: false
+
diff --git a/ansible/roles/stop/tasks/main.yml b/ansible/roles/stop/tasks/main.yml
new file mode 100644
index 000000000..0636018e4
--- /dev/null
+++ b/ansible/roles/stop/tasks/main.yml
@@ -0,0 +1,9 @@
+---
+
+- name: stop tendermint
+ when: not basecoin_inprocess|bool
+ service: name=tendermint state=stopped
+
+- name: stop basecoin
+ service: name=basecoin state=stopped
+
diff --git a/ansible/roles/tendermint/tasks/genesis.yml b/ansible/roles/tendermint/tasks/genesis.yml
deleted file mode 100644
index f00c160d6..000000000
--- a/ansible/roles/tendermint/tasks/genesis.yml
+++ /dev/null
@@ -1,19 +0,0 @@
----
-- name: gather tendermint public keys
- command: "jq '.pub_key | .data' {{tendermint_home}}/.tendermint/priv_validator.json"
- become: yes
- become_user: "{{tendermint_user}}"
- register: tendermintpubkeys
-
-- name: register public keys as host facts
- set_fact: "pubkey={{tendermintpubkeys.stdout_lines[0]}}"
- connection: local
-
-- name: copy genesis.json
- template:
- src: genesis.json.j2
- dest: "{{tendermint_home}}/.tendermint/genesis.json"
- become: yes
- become_user: "{{tendermint_user}}"
-
-
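Review bot: `service: name=basecoin state=started` (and the tendermint task under it) starts the unit for the current boot only; the `roles/tendermint/tasks/start.yml` this commit deletes also passed `enabled=yes`, so after this change a node that reboots no longer brings its validator back. If that is deliberate for a testnet, a comment in the task should say so; otherwise `service: name=basecoin state=started enabled=yes` and the same for tendermint restores the previous behaviour, and the stop role can symmetrically pass `enabled=no` if a stopped node is meant to stay down across reboots.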
diff --git a/ansible/roles/tendermint/tasks/start.yml b/ansible/roles/tendermint/tasks/start.yml
deleted file mode 100644
index 5bbbc04a1..000000000
--- a/ansible/roles/tendermint/tasks/start.yml
+++ /dev/null
@@ -1,26 +0,0 @@
----
-
-- name: copy genesis file
- template: >
- src=genesis.json.j2
- dest={{tendermint_home}}/genesis.json
- owner={{tendermint_user}}
- group={{tendermint_group}}
- mode=0644
- register: genesis_file_copied
-
-- name: get validators number from genesis file
- shell: cat {{tendermint_home}}/genesis.json | jq ".validators | length"
- register: num_validators
- when: genesis_file_copied|changed
-
-- name: restart tendermint if number of validators greater than 0
- shell: echo "restarting ..."
- when: genesis_file_copied|changed and num_validators.stdout|int > 0
- notify: restart tendermint
-
-- service: >
- name=tendermint
- state=started
- enabled=yes
- when: tendermint_manage_service
diff --git a/ansible/roles/tendermint/templates/genesis.json.j2 b/ansible/roles/tendermint/templates/genesis.json.j2
deleted file mode 100644
index a1655fc80..000000000
--- a/ansible/roles/tendermint/templates/genesis.json.j2
+++ /dev/null
@@ -1,16 +0,0 @@
-{
- "genesis_time":"{{ansible_date_time.iso8601}}",
- "chain_id":"{{testnet_name}}",
- "validators":
- [
-{% for host in groups[testnet_name] %}
- {
- "pub_key":{"type":"ed25519","data":{{hostvars[host]["pubkey"]}}},
- "amount":10,
- "name":"{{hostvars[host]["ansible_hostname"]}}"
- }
-{% endfor %}
- ],
- "app_hash":""
-}
-
diff --git a/ansible/start.yml b/ansible/start.yml
new file mode 100644
index 000000000..1df2e484f
--- /dev/null
+++ b/ansible/start.yml
@@ -0,0 +1,7 @@
+---
+
+- hosts: "{{ lookup('env','TF_VAR_TESTNET_NAME') }}"
+ user: root
+ roles:
+ - start
+
diff --git a/ansible/stop.yml b/ansible/stop.yml
new file mode 100644
index 000000000..3a5dbcc91
--- /dev/null
+++ b/ansible/stop.yml
@@ -0,0 +1,7 @@
+---
+
+- hosts: "{{ lookup('env','TF_VAR_TESTNET_NAME') }}"
+ user: root
+ roles:
+ - stop
+
diff --git a/create-digitalocean-testnet.sh b/create-digitalocean-testnet.sh
index 930470310..a0a324703 100755
--- a/create-digitalocean-testnet.sh
+++ b/create-digitalocean-testnet.sh
@@ -2,10 +2,16 @@
 # This is an example set of commands that uses Terraform and Ansible to create a testnet on Digital Ocean.
 # Prerequisites: terraform, ansible, DigitalOcean API token, ssh-agent running with the same SSH keys added that are set up during terraform
-
+# Optional: GOPATH if you build the app yourself
 #export DO_API_TOKEN=""
+#export GOPATH=""
-TF_VAR_TESTNET_NAME="$1"
+###
+# Find out TF_VAR_TESTNET_NAME (testnet name)
+###
+if [ $# -gt 0 ]; then
+ TF_VAR_TESTNET_NAME="$1"
+fi
 if [ -z "$TF_VAR_TESTNET_NAME" ]; then
 echo "Usage: $0 "
@@ -14,15 +20,38 @@ if [ -z "$TF_VAR_TESTNET_NAME" ]; then
 exit
 fi
-cd terraforce
+###
+# Build Digital Ocean infrastructure
+###
+SERVERS=2
+cd terraform-digitalocean
 terraform init
 terraform env new "$TF_VAR_TESTNET_NAME"
-terraform apply -var servers=4 -var DO_API_TOKEN="$DO_API_TOKEN"
+terraform apply -var servers=$SERVERS -var DO_API_TOKEN="$DO_API_TOKEN"
 cd ..
+###
+# Build applications (optional)
+###
+if [ -n "$GOPATH" ]; then
+ go get -u github.com/tendermint/tendermint/cmd/tendermint
+ go get -u github.com/tendermint/basecoin/cmd/basecoin
+ ANSIBLE_ADDITIONAL_VARS="-e tendermint_release_install=false -e basecoin_release_intall=false"
+fi
+
+###
+# Deploy application
+###
 #Note that SSH Agent needs to be running with SSH keys added or ansible-playbook requires the --private-key option.
 cd ansible
 python -u inventory/digital_ocean.py --refresh-cache 1> /dev/null
-ansible-playbook -i inventory/digital_ocean.py install.yml
+ansible-playbook -i inventory/digital_ocean.py install.yml $ANSIBLE_ADDITIONAL_VARS
+cd ..
+
+###
+# Start application
+###
+cd ansible
+ansible-playbook -i inventory/digital_ocean.py start.yml
 cd ..
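Review bot: `ANSIBLE_ADDITIONAL_VARS` misspells the second variable as `basecoin_release_intall=false`, so when GOPATH is set tendermint is built from source but basecoin is still installed from the release zip; it should read `-e basecoin_release_install=false`. In the first hunk `TF_VAR_TESTNET_NAME="$1"` is assigned but not exported (unless a line outside the hunk does so), yet the new `ansible/start.yml` and `stop.yml` select their hosts with `lookup('env','TF_VAR_TESTNET_NAME')`, so a run that passes the name as an argument rather than through the environment reaches the `start.yml` step with an empty host pattern; `export TF_VAR_TESTNET_NAME="$1"` serves both consumers. `go get -u` builds whatever the two repositories' default branches contain at run time, unlike the release path, which pins `tendermint_version` and `basecoin_version`, so a comment that the source build is unpinned belongs next to those lines. Terraform also reads `TF_VAR_DO_API_TOKEN` from the environment, which would keep the token off the `terraform apply` command line and out of process listings and shell history.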
diff --git a/terraforce/scripts/copy_run.sh b/terraforce/scripts/copy_run.sh
deleted file mode 100644
index 31c8e117..000000000
--- a/terraforce/scripts/copy_run.sh
+++ /dev/null
@@ -1,10 +0,0 @@
-#! /bin/bash
-set -u
-
-N=$1 # number of nodes
-RUN=$2 # path to run script
-
-N_=$((N-1))
-
-# stop all tendermint
-terraforce scp --user root --ssh-key $HOME/.ssh/id_rsa --machines "[0-$N_]" $RUN run.sh
diff --git a/terraforce/scripts/init.sh b/terraforce/scripts/init.sh
deleted file mode 100644
index 15b8e3247..000000000
--- a/terraforce/scripts/init.sh
+++ /dev/null
@@ -1,43 +0,0 @@
-#! /bin/bash
-set -u
-
-N=$1 # number of nodes
-TESTNET=$2 # path to folder containing testnet info
-CONFIG=$3 # path to folder containing `bins` and `run.sh` files
-
-if [[ ! -f $CONFIG/bins ]]; then
- echo "config folder ($CONFIG) must contain bins file"
- exit 1
-fi
-if [[ ! -f $CONFIG/run.sh ]]; then
- echo "config folder ($CONFIG) must contain run.sh file"
- exit 1
-fi
-
-KEY=$HOME/.ssh/id_rsa
-
-FLAGS="-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no"
-
-N_=$((N-1)) # 0-based index
-
-MACH_ROOT="$TESTNET/mach?"
-
-
-# mkdir
-terraforce ssh --user root --ssh-key $KEY --machines "[0-$N_]" mkdir .tendermint
-
-# copy over genesis/priv_val
-terraforce scp --user root --ssh-key $KEY --iterative --machines "[0-$N_]" "$MACH_ROOT/priv_validator.json" .tendermint/priv_validator.json
-terraforce scp --user root --ssh-key $KEY --iterative --machines "[0-$N_]" "$MACH_ROOT/genesis.json" .tendermint/genesis.json
-
-# copy the run script
-terraforce scp --user root --ssh-key $KEY --machines "[0-$N_]" $CONFIG/run.sh run.sh
-
-# copy the binaries
-while read line; do
- local_bin=$(eval echo $line)
- remote_bin=$(basename $local_bin)
- echo $local_bin
- terraforce scp --user root --ssh-key $KEY --machines "[0-$N_]" $local_bin $remote_bin
- terraforce ssh --user root --ssh-key $KEY --machines "[0-$N_]" chmod +x $remote_bin
-done <$CONFIG/bins
diff --git a/terraforce/scripts/query.sh b/terraforce/scripts/query.sh
deleted file mode 100644
index c77cf61dc..000000000
--- a/terraforce/scripts/query.sh
+++ /dev/null
@@ -1,11 +0,0 @@
-#! /bin/bash
-set -u
-
-N=$1 # number of nodes
-QUERY=$2
-
-N_=$((N-1))
-
-# start all tendermint nodes
-terraforce ssh --user root --ssh-key $HOME/.ssh/id_rsa --machines "[0-$N_]" curl -s localhost:46657/$QUERY
-
diff --git a/terraforce/scripts/reset.sh b/terraforce/scripts/reset.sh
deleted file mode 100644
index 2bef5324c..000000000
--- a/terraforce/scripts/reset.sh
+++ /dev/null
@@ -1,10 +0,0 @@
-#! /bin/bash
-set -u
-
-N=$1 # number of nodes
-
-N_=$((N-1))
-
-# stop all tendermint
-terraforce ssh --user root --ssh-key $HOME/.ssh/id_rsa --machines "[0-$N_]" rm -rf .tendermint/data
-terraforce ssh --user root --ssh-key $HOME/.ssh/id_rsa --machines "[0-$N_]" ./tendermint unsafe_reset_priv_validator
diff --git a/terraforce/scripts/restart.sh b/terraforce/scripts/restart.sh
deleted file mode 100644
index 03ff1918e..000000000
--- a/terraforce/scripts/restart.sh
+++ /dev/null
@@ -1,9 +0,0 @@
-#! /bin/bash
-set -u
-
-N=$1 # number of nodes
-
-N_=$((N-1))
-
-# start
-terraforce ssh --user root --ssh-key $HOME/.ssh/id_rsa --machines "[0-$N_]" SEEDS=$(terraform output seeds) bash run.sh
diff --git a/terraforce/scripts/start.sh b/terraforce/scripts/start.sh
deleted file mode 100644
index e72a8da68..000000000
--- a/terraforce/scripts/start.sh
+++ /dev/null
@@ -1,10 +0,0 @@
-#! /bin/bash
-set -u
-
-N=$1 # number of nodes
-
-N_=$((N-1))
-
-# start all tendermint nodes
-terraforce ssh --user root --ssh-key $HOME/.ssh/id_rsa --machines "[0-$N_]" SEEDS=$(terraform output seeds) bash run.sh
-
diff --git a/terraforce/scripts/stop.sh b/terraforce/scripts/stop.sh
deleted file mode 100644
index bdb55869c..000000000
--- a/terraforce/scripts/stop.sh
+++ /dev/null
@@ -1,9 +0,0 @@
-#! /bin/bash
-set -u
-
-N=$1 # number of nodes
-
-N_=$((N-1))
-
-# stop all tendermint
-terraforce ssh --user root --ssh-key $HOME/.ssh/id_rsa --machines "[0-$N_]" killall tendermint
diff --git a/terraform-aws/README.md b/terraform-aws/README.md
new file mode 100644
index 000000000..5e23c5b4d
--- /dev/null
+++ b/terraform-aws/README.md
@@ -0,0 +1,4 @@
+# Terraform for Amazon AWS
+
+To be done...
+
diff --git a/terraforce/README.md b/terraform-digitalocean/README.md
similarity index 100%
rename from terraforce/README.md
rename to terraform-digitalocean/README.md
diff --git a/terraforce/cluster/main.tf b/terraform-digitalocean/cluster/main.tf
similarity index 100%
rename from terraforce/cluster/main.tf
rename to terraform-digitalocean/cluster/main.tf
diff --git a/terraforce/cluster/outputs.tf b/terraform-digitalocean/cluster/outputs.tf
similarity index 100%
rename from terraforce/cluster/outputs.tf
rename to terraform-digitalocean/cluster/outputs.tf
diff --git a/terraforce/cluster/variables.tf b/terraform-digitalocean/cluster/variables.tf
similarity index 100%
rename from terraforce/cluster/variables.tf
rename to terraform-digitalocean/cluster/variables.tf
diff --git a/terraforce/main.tf b/terraform-digitalocean/main.tf
similarity index 96%
rename from terraforce/main.tf
rename to terraform-digitalocean/main.tf
index d83d10e6b..dec255b1e 100644
--- a/terraforce/main.tf
+++ b/terraform-digitalocean/main.tf
@@ -1,4 +1,4 @@
-#DigitalOcean Terraform Configuration
+#Terraform Configuration
 variable "DO_API_TOKEN" {
 description = "DigitalOcean Access Token"
diff --git a/terraforce/transact/transact.go b/transact/transact.go
similarity index 100%
rename from terraforce/transact/transact.go
rename to transact/transact.go